UnpressAI | uk/en

03 Jul 2026, 08:11

Citizen Lab says it found Pegasus spyware targeting Stelios Koulou in 2022 and 2023

  • Citizen Lab reports that the Pegasus phone targeting Stelios Koulou was carried out by the PEGA program between 2022 and 2023.
  • Researchers were unable to definitively confirm who operated the Pegasus spyware, but they found evidence of a connection between the operator and Russian military intelligence services.
  • Since at least 21 years old in 2022 until 6 to 7 years in 2023, NSO Group has not commented on the matter.

Citizen Lab researchers at the University of Toronto found that, during the time the Stelios Koulou phone was being operated, the Pegasus program was active between 2022 and 2023.

Citizen Lab notes that the researchers could not establish a direct link between the Pegasus operator and the specific contract. At the same time, it says that the operator’s activities appear to be linked to the Russian military, and that, based on the evidence, the operator’s activities appear to be connected to the Russian language and the Cyrillic alphabet.

Comment PEGA was mentioned in a 2022 publication by Pegasus Project by the Guardian. In the publication, the authors explain that the program’s spyware use involves the use of a specific method of mass surveillance. They also say that the program’s use may have been carried out by the operator.

According to Citizen Lab, after the first infection, the malware was deployed on the phone of the Pegasus target, and the same 21-year-old in 2022. It also states that the connection was found between 6 and 7 years in 2023, with the content being transmitted internally. The final conclusion is that, as Citizen Lab claims, the operator is not connected to Pegasus.

Citizen Lab also suggests that the first infection vector is the content of the PEGA application. It also notes that the materials indicate that Pegasus was deployed through an Apple ID email, and that, in Citizen Lab’s view, it could be used to access the same content. It also notes that the same link was found between 6 and 7 years in 2023, with the content being transmitted internally. The final conclusion is that, as Citizen Lab claims, the operator is not connected to Pegasus.

Citizen Lab says that the operator’s activities appear to be linked to the Russian military, and that, based on the evidence, the operator’s activities appear to be connected to the Russian language and the Cyrillic alphabet.

In addition, Citizen Lab says that the materials show that Pegasus was developed to target people in Europe. It also says that it is not clear why the same content was used to infect the target, but it notes that the operator used the same content to infect the target’s phone.

Tags: Europe/Technology/Crime/Research

Articles on this topic:

  • www.theguardian.com - Spyware used against MEP investigating Pegasus abuses, report finds
  • techcrunch.com - Politician who investigated spyware abuses had his phone hacked with Pegasus spyware
  • www.aljazeera.com - EU lawmaker investigating surveillance hacked by Israeli spyware, report says
  • english.aawsat.com - Researchers Say EU Lawmaker Who Investigated Surveillance Was Hacked by Israeli Spyware
  • thenextweb.com - EU lawmaker who investigated spyware abuse was hacked with Pegasus