# Pegasus Hits Its Watchdog: Spyware Infection of EU Lawmaker Exposes Europe’s Surveillance Vulnerability

*Tuesday, July 14, 2026 at 2:14 PM UTC — Hamer Intelligence Services Desk*

**Published**: 2026-07-14T14:14:34.164Z (2h ago)
**Category**: cyber | **Region**: Global
**Importance**: 7/10
**Sources**: OSINT
**Permalink**: https://hamerintel.com/data/articles/11059.md
**Source**: https://hamerintel.com/summaries

---

**Deck**: A Greek member of the European Parliament serving on the committee investigating Pegasus abuses was himself twice infected with the spyware, researchers say. The breach cuts to the heart of Europe’s promise to police digital surveillance, raising questions over who is spying on EU institutions and how secure lawmakers really are.

The European Union’s effort to police abusive spyware use has been hit at its core. Citizen Lab, a leading digital forensics group, has assessed with high confidence that Stelios Kouloglou, a Greek member of the European Parliament who served as a substitute on the legislature’s PEGA committee investigating Pegasus and similar tools, had his phone infected twice with Pegasus in 2022 and 2023.

According to Citizen Lab’s public findings, Kouloglou’s device was compromised in October 2022 and again in March 2023. The first infection occurred while he was hospitalized, underscoring how little control even a cautious user can exert when targeted by top‑tier spyware. The second came months later, suggesting that whoever was behind the operation saw continued value in monitoring a lawmaker directly involved in probing the very technology being deployed against him. The group did not attribute the attack to a specific government, but Pegasus is known to be sold by Israel’s NSO Group exclusively to state clients, and previous investigations have linked its use to multiple European and non‑European security services.

The human implications are personal and political. For Kouloglou, the infections likely exposed private communications, health details and the confidential deliberations of an EU committee tasked with scrutinizing governments’ use of spyware. For his staff, interlocutors and sources, every message exchanged over those months carries a new risk of compromise. And for other lawmakers and officials who assumed that being inside the institutional bubble of the European Parliament offered some protection, the case is a blunt reminder that the devices they carry are potential listening posts for foreign or even domestic intelligence services.

The operational stakes reach well beyond one parliamentarian. Pegasus, once installed, can turn a phone into a portable surveillance platform, giving operators access to encrypted chats, emails, location data, microphones and cameras. If deployed inside EU institutions, that capability is no longer only about monitoring dissidents or journalists but about intelligence collection on legislative strategy, sanctions debates, trade negotiations and security policy. In an era where the EU is trying to chart an independent line between the United States and China and to manage crises from Ukraine to the Middle East, the possibility that hostile or even allied services are quietly reading lawmakers’ phones is a structural vulnerability.

Strategically, the infection of a PEGA committee member threatens to undercut the EU’s credibility as it weighs regulation or bans on commercial spyware. The committee was created to investigate “the use of Pegasus and equivalent surveillance spyware” following revelations that such tools had been used against opposition figures, activists and journalists in several member states, including Greece, Poland and Spain. The fact that someone tied to the inquiry was targeted while serving on it raises immediate questions: were the attackers trying to pre‑empt scrutiny, understand the committee’s internal thinking, or intimidate those pushing for tighter rules?

The case also feeds into a wider narrative about how unevenly digital power is distributed between states and citizens. Governments and their contractors can deploy zero‑click exploits — which infect devices without the user needing to tap a link — while oversight bodies often rely on voluntary disclosures and limited investigative tools. When the watchdog itself is compromised, confidence in formal safeguards erodes.

The memorable takeaway is this: if the person investigating spyware abuses can be hacked by the very tool he is studying, no one in Europe’s political system can assume they are out of scope.

What to watch next will be whether the European Parliament or national authorities launch formal investigations into who ordered the targeting of Kouloglou, whether NSO or its regulators face fresh legal or political pressure in Europe, and if this incident accelerates moves toward an EU‑wide regime governing not only the purchase but the domestic use of powerful surveillance software.
