
Pegasus Hack of EU Spyware Investigator Exposes Europe’s Political Vulnerability to Surveillance Tech
An EU lawmaker serving on a committee probing spyware abuse was himself hacked with Pegasus in 2022 and 2023, according to forensic analysis by Citizen Lab. The breach reaches into the heart of Europe’s oversight machinery, raising hard questions about who accessed sensitive committee documents and how secure EU institutions really are from the tools they are investigating.
A member of the European Parliament tasked with investigating the abuse of spyware across the EU was himself hacked with Pegasus while serving on that committee, in a breach that cuts to the core of Europe’s ability to police one of the most controversial surveillance tools of the past decade.
Forensic analysts at Citizen Lab say Greek MEP Stelios Kouloglou’s iPhone was compromised twice — in October 2022 and March 2023 — likely via a so‑called zero‑click exploit linked to Apple’s HomeKit system. Such exploits do not require the target to click on a malicious link, making them harder to detect and defend against. During those periods, attackers could have accessed data on his device, including potentially sensitive documents and deliberations related to the European Parliament’s committee examining the use and abuse of spyware by EU governments.
For European lawmakers and staff, the episode is a jarring reminder that oversight bodies are not standing outside the surveillance ecosystem they scrutinize, but are embedded within it and vulnerable to the same tools. If a committee member charged with asking who ordered which surveillance, under what rules, can have his own phone taken over, then the confidentiality of witness testimony, draft reports, and internal strategy discussions cannot be taken for granted.
Operationally, the hack represents a coup for whoever ordered it. Pegasus, sold by Israel’s NSO Group, gives operators deep access to a phone’s contents and sensors, potentially including messages, emails, contacts, microphones and cameras. In the context of a parliamentary inquiry, that kind of window could provide early insight into what evidence is being collected, which countries or agencies are under scrutiny, and where political pressure might fall. In effect, the watchdog becomes an unwilling source.
The strategic implications go beyond one committee or one MEP. The revelation underscores how advanced spyware erodes the internal trust that EU institutions depend on to handle classified or politically explosive information. Colleagues may now reasonably ask how many other devices inside Brussels, Strasbourg or national capitals have been quietly compromised, and by whom. That uncertainty weakens Europe’s hand when it seeks to set global norms on surveillance, privacy, and human rights.
The fact that Citizen Lab attributes the hack to a likely HomeKit zero‑click exploit also shows how spyware vendors and their clients are exploiting the connective tissue of modern digital life — the services and frameworks that link phones to homes, workplaces and cars. Defending high‑value political targets now requires not only traditional cybersecurity but also a hard look at how consumer features can become attack surfaces.
One lesson stands out: when oversight of surveillance depends on digital tools, those tools themselves become part of the battleground. A committee can subpoena documents and question ministers, but if its own communications are siphoned off in real time, the power balance quietly tips toward those wielding the spyware.
In the months ahead, watch for whether EU institutions move to expand device security measures for lawmakers, whether there is any formal attribution of the attacks to a specific state or actor, and how this breach shapes pending EU regulations on spyware and intrusive technologies. Those responses will show whether Europe treats this episode as an embarrassing anomaly — or as proof that its political core is directly exposed to the very tools it is struggling to regulate.
Sources
- OSINT