> In May 2026, Kouloglou contacted the Citizen Lab and we conducted a forensic analysis of artifacts from his iPhone. We found with high confidence that his device was successfully infected with Pegasus spyware on or around October 21, 2022, and again on March 6 and 7, 2023.
> Further validating our finding of targeting, our forensic analysis shows Kouloglou received multiple Apple threat notifications about targeting with mercenary spyware on three occasions: March 2, 2023, August 29, 2023, and April 10, 2024. It is important to note that threat notifications from Apple and other companies are not real-time alerts. They are typically sent to users in batches, often months or more after targeting takes place.
> Kouloglou reports to us that he did not recall receiving the Apple notifications we observed.
Am I understanding this correctly that Apple sent him notifications that he was being monitored and he ignored them?
"he did not recall receiving the Apple notifications" so he didn't notice them.
That is kind of surprising given he is on the committee investigating Pegasus. I'd assume someone on the committee would be paying much more attention to this than a normal person.
I wonder what triggered him to suspect he was hacked then. Since presumably something triggered him to have his phone forensically investigated.
Could those have been intercepted or suppressed somehow?
It's possible, if the attacker controls the device enough. I don't think a big "you're being targeted" warning is something you don't notice, or forget.
Do we know how Apple sends these? Is it just a notification, or also email?
https://support.apple.com/en-us/102174
> A Threat Notification is displayed at the top of the page after the user signs into account.apple.com.
> Apple sends an email and iMessage notification to the email addresses and phone numbers associated with the user’s Apple Account.
You can see what it looks like in https://reddit.com/r/iphone/comments/1c10jai/i_have_received...
I wonder how they detect it, is it for known IOCs that they've already found elsewhere, or do they have heuristic detection that flags things that might need further investigation.
I mean his device was pwnd completely. It's not a stretch that attempts to warn are suppressed.
That or he didn't notice or could have assumed the notice itself was one of many phishing attempts against large orgs.
If I saw a notification that my account was compromised by Pegasus I'd personally assume phishing.
Kouloglou is a famous investigative journalist, not you and me. Yes you and I might think we're being scammed, but someone who actually spent a lot of their life getting death threats probably would pay more attention.
Fairly sure that if anybody is using an advanced piece of hacking software, they are also going to delete any messages that are related to detection of such hardware.
PC viruses used to do that stuff going back so many years ago. Suppressing any notification under Windows, by disabling the AV software, its notifications, Windows notifications related to it.
So it will amaze me that this is not done by any modern espionage software. Especially as the notification methods are known. Given that his device is hacked, that means a lot of avenues are under control of the espionage software. Even mails etc ... So impersonating the end user, to confirm they read a warning, is extremely easy.
I find it rather odd that people are so fixated on the idea if Kouloglou read it or not.
That seems to be the case, although he claims to have somehow missed them. Overall this is one of those stories that's obviously an outrage, except for the fact that every country on Earth spies on the rest, and quite a few private entities do as well. Still the way the game is played if you get caught you have to act ashamed, and the people catching you get to gloat.
It's silly, but it's a show the public never tires of.
In this case he was investigating misuse of Pegasus spyware specifically, and was targeted with it while doing so. That's obstruction of justice, morally speaking, and would feel very scary, in that it would make you feel that this company might be so powerful that investigating it is personally dangerous.
That's certainly the feeling the story is meant to engender yes.
The US does not spy on Five Eyes government leadership or that of Israel. And perhaps more: in the wake of Snowden, which obliterated many diplomatic relationships the U.S. has with other countries, Obama issued a directive that the U.S. would not monitor heads of state and government of close friends and allies (even outside Five Eyes) unless there was a compelling national security reason. As far as we know that directive has remained in force with each successive administration as well.
They spy on most others though. Germany’s Merkel, successive French presidents etc. all had their phones hacked by the US, which there is widely reported news of.
> The US does not spy on Five Eyes government leadership or that of Israel.
Doubt.
> unless there was a compelling national security reason
There always is.
US does spy on Five Eyes
https://en.wikipedia.org/wiki/United_States_espionage_in_Aus...
"In December 2010, leaked US diplomatic cables indicated senior New Zealand Defence Ministry officials had been spying for the United States, secretly briefing the United States embassy on Cabinet discussions about the Iraq War."
https://en.wikipedia.org/wiki/Foreign_espionage_in_New_Zeala...
That’s pre-Snowden
One interesting thing here, is they imply that both confidential personal medical information and confidential gov docs might have been compromised via the same phone.
Does the EU parliament not have a policy of separating work and personal devices?
Having a policy and what happens in the real world are most of the time very different things (Understandably, as the line between work and personal time is often blurry).
True but one would hope though that people dealing with national security would follow more than your average employee.
> True but one would hope though that people dealing with national security would follow more than your average employee.
The more important you are the more you may think that exceptions can be made for you.
Around that time a lot of politicians in Greece had their phones hacked by Pegasus. It's an ongoing scandal in Greece that never got fully resolved, although all evidence indicates that it was an operation orchestrated by the office of the prime minister in coordination with the local intelligence service. So I wouldn't call that an attack against the European parliament.
Same story in Poland:
https://notesfrompoland.com/2026/02/26/poland-charges-former...
Everything looks like a nail if you have a hammer.
Not quite surprising. The more important question is: how much are lobbyists paid to sell out data of EU citizens to US corporations here? Will they prevail?
There is enough money to go around for certain.
Pro tip: if you’re going to try a propaganda - don’t be so transparent on your redirect.
If you believe that the parent comment is propaganda, would you care to share why exactly you believe that the average European citizen benefits from mass surveillance funnelled through American channels?
It feels like they've been paid to sell out the users themselves, not just the data. It's weird that EU is so dependent on US tech when it comes to media platforms... While there are alternatives out there. In a lot of related areas in tech, it feels like suppression.
"PRISM is a code name for a program under which the United States National Security Agency (NSA) collects internet communications from various U.S. internet companies.
The documents identified several technology companies as participants in the PRISM program, including Microsoft in 2007, Yahoo! in 2008, Google in 2009, Facebook in 2009, Paltalk in 2009, YouTube in 2010, AOL in 2011, Skype in 2011 and Apple in 2012"
https://en.wikipedia.org/wiki/PRISM
This might be taken as hyperbolic, but the EU seems to have trouble building anything.
This is where I disagree as a software engineer who has seen EU products built and not adopted... I've also built products myself which were fully functioning and scalable but not widely adopted. Building is not the bottleneck.
It feels like there is a limit on distribution. Just getting people to try a product is incredibly hard. Very hard to reach them and ads feel like they're only served to bots.
Network effects are real. It is hard to convince people to move over to your platform if the selling argument is 'not quite there yet, but we got you covered on the minilib front, plus it's less usable because of our weird interpretation of our own data protection laws'.
Yes and my perspective is that GDPR has harmed EU startups and helped US companies... And probably can't be fixed now because of corporate culture around standards like SOC2 and ISO27001... Which I think are more harmful to security than helpful.