Armenia spyware victims: Pegasus hacking in war

Same government, more victims: Access Now calls for an urgent investigation into hacking of MEP

Access Now joins more than 30 human rights organizations and individuals in condemning the Pegasus spyware attack against Stelios Kouloglou, a Greek journalist and then-Member of the European Parliament, while he was serving on the PEGA committee, a European Parliament committee that investigated Pegasus and other spyware abuses, as revealed by the Citizen Lab. Citizen Lab’s report indicates that Kouloglou’s iPhone was infected with Pegasus spyware on or around October 21, 2022, and again on March 6 and 7, 2023.

Access Now is especially concerned about Citizen Lab’s shocking finding that on October 21, Kouloglou’s iPhone was hacked by the same government that also targeted several victims in our joint 2024 investigation of Pegasus hacking of Russian- and Belarusian-speaking journalists and activists based in the EU. According to the Citizen Lab’s forensic analysis, on that day, Kouloglou was targeted from the same Apple ID  — rauharepo888[@]gmail.com —  as several of the victims named in the report. Citizen Lab has no evidence that the hacking was the work of the Greek, Russian, or Belarusian government.

The findings in the Citizen Lab report that the same government that hacked Russian and Belarusian journalists in exile has also targeted the European Parliament are shocking but not surprising.Those who target civil society do not stop there, but often also target other groups, including government officials. The scourge of spyware must be urgently addressed, as it’s a threat to human rights, democracy, and national security. Natalia Krapiva, Senior Tech-Legal Counsel at Access Now

Citizen Lab’s report indicates that Kouloglou was hacked during key periods of PEGA Committee activity and would have likely allowed the attacker to capture non-public information about committee activities, including preparations for the publication of its first draft report. On the date of the first documented infection, Kouloglou was in the hospital and visited by Greek investigative journalist Thanasis Koukakis, who had testified to the PEGA Committee the previous month as he was himself targeted with Intellexa’s Predator spyware. The timing suggests that the attacker was likely interested in monitoring Kouloglou’s activities and communications related to the PEGA Committee.

The failure of any state to take responsibility for the unlawful spyware infections of Belarusian and Russian exiled journalists documented in 2024 only fuels impunity. Without accountability, these abuses will continue. We call on the EU Member States to effectively investigate all the incidents and to guarantee that all the victims will have access to effective remedies and justice. Marcel Kolaja, Policy & Advocacy Director – Europe, at Access Now

Access Now and civil society partners recommend the EU conduct an independent and impartial investigation into the hacking of Kouloglou, determine the full scope of the spyware targeting of the PEGA Committee, provide effective remedies to the affected victims, and implement the PEGA Committee’s recommendations.

Read the full statement