TL;DRCivil society groups and MEPs are demanding urgent European Commission action on spyware after Citizen Lab confirmed that Stelios Kouloglou, a member of the Parliament’s PEGA spyware inquiry, was himself hacked with Pegasus in 2022 and 2023. The attacker is unknown, the Commission is silent, and the PEGA committee’s 2023 recommendations remain largely unanswered. This is the follow-up beat to TNW’s earlier story on the hack itself.

Pressure is mounting on the European Commission to act on spyware, after forensic evidence showed one of the EU’s own spyware investigators was hacked with Pegasus. Civil society groups issued a joint statement demanding the abuse be met with accountability, “not impunity”.

Citizen Lab confirmed last week that Stelios Kouloglou, a Greek former MEP, was infected in October 2022 and again in March 2023. The infections hit while he served on the PEGA committee, the European Parliament’s inquiry into exactly this kind of abuse.

The attacker remains unidentified, and Citizen Lab says it has no indication the Greek government was responsible. The same Pegasus-linked email address appeared in an earlier campaign against journalists across Europe, suggesting a customer authorised to deploy the NSO Group tool in multiple countries.