> In May 2026, Kouloglou contacted the Citizen Lab and we conducted a forensic analysis of artifacts from his iPhone. We found with high confidence that his device was successfully infected with Pegasus spyware on or around October 21, 2022, and again on March 6 and 7, 2023.
>> Further validating our finding of targeting, our forensic analysis shows Kouloglou received multiple Apple threat notifications about targeting with mercenary spyware on three occasions: March 2, 2023, August 29, 2023, and April 10, 2024. It is important to note that threat notifications from Apple and other companies are not real-time alerts. They are typically sent to users in batches, often months or more after targeting takes place.
>> Kouloglou reports to us that he did not recall receiving the Apple notifications we observed.
Am I understanding this correctly that Apple sent him notifications that he was being monitored and he ignored them?
I wonder how they detect it, is it for known IOCs that they've already found elsewhere, or do they have heuristic detection that flags things that might need further investigation.
That seems to be the case, although he claims to have somehow missed them. Overall this is one of those stories that's obviously an outrage, except for the fact that every country on Earth spies on the rest, and quite a few private entities do as well. Still the way the game is played if you get caught you have to act ashamed, and the people catching you get to gloat.
It's silly, but it's a show the public never tires of.
In this case he was investigating misuse of Pegasus spyware specifically, and was targeted with it while doing so. That's obstruction of justice, morally speaking, and would feel very scary, in that it would make you feel that this company might be so powerful that investigating it is personally dangerous.
Around that time a lot of politicians in Greece had their phones hacked by Pegasus. It's an ongoing scandal in Greece that never got fully resolved, although all evidence indicate that it was an operation orchestrated by the office of the prime minister in coordination with the local intelligence service. So I wouldn't call that an attack against the European parliament.
Not quite surprising. The more important question is: how much are lobbyists paid to sell out data of EU citizens to US corporations here? Will they prevail?
It feels like they've been paid to sell out the users themselves, not just the data. It's weird that EU is so dependant on US tech when it comes to media platforms... While there are alternatives out there. In a lot of related areas in tech, it feels like suppression.
> In May 2026, Kouloglou contacted the Citizen Lab and we conducted a forensic analysis of artifacts from his iPhone. We found with high confidence that his device was successfully infected with Pegasus spyware on or around October 21, 2022, and again on March 6 and 7, 2023.
>> Further validating our finding of targeting, our forensic analysis shows Kouloglou received multiple Apple threat notifications about targeting with mercenary spyware on three occasions: March 2, 2023, August 29, 2023, and April 10, 2024. It is important to note that threat notifications from Apple and other companies are not real-time alerts. They are typically sent to users in batches, often months or more after targeting takes place.
>> Kouloglou reports to us that he did not recall receiving the Apple notifications we observed.
Am I understanding this correctly that Apple sent him notifications that he was being monitored and he ignored them?
"he did not recall receiving the Apple notifications" so he didn't notice them.
Could those have been intercepted or suppressed somehow?
Do we know how Apple sends these? Is it just a notification, or also email?
https://support.apple.com/en-us/102174
>A Threat Notification is displayed at the top of the page after the user signs into account.apple.com.
>Apple sends an email and iMessage notification to the email addresses and phone numbers associated with the user’s Apple Account.
You can see what it looks like in https://reddit.com/r/iphone/comments/1c10jai/i_have_received...
I wonder how they detect it, is it for known IOCs that they've already found elsewhere, or do they have heuristic detection that flags things that might need further investigation.
That seems to be the case, although he claims to have somehow missed them. Overall this is one of those stories that's obviously an outrage, except for the fact that every country on Earth spies on the rest, and quite a few private entities do as well. Still the way the game is played if you get caught you have to act ashamed, and the people catching you get to gloat.
It's silly, but it's a show the public never tires of.
In this case he was investigating misuse of Pegasus spyware specifically, and was targeted with it while doing so. That's obstruction of justice, morally speaking, and would feel very scary, in that it would make you feel that this company might be so powerful that investigating it is personally dangerous.
That's certainly the feeling the story is meant to engender yes.
The US does not spy on Five Eyes government leadership or that of Israel. They spy on most others though.
Around that time a lot of politicians in Greece had their phones hacked by Pegasus. It's an ongoing scandal in Greece that never got fully resolved, although all evidence indicate that it was an operation orchestrated by the office of the prime minister in coordination with the local intelligence service. So I wouldn't call that an attack against the European parliament.
Not quite surprising. The more important question is: how much are lobbyists paid to sell out data of EU citizens to US corporations here? Will they prevail?
There is enough money to go around for certain.
It feels like they've been paid to sell out the users themselves, not just the data. It's weird that EU is so dependant on US tech when it comes to media platforms... While there are alternatives out there. In a lot of related areas in tech, it feels like suppression.
Pro tip: if you’re going to try a propoganda - don’t be so transparent on your redirect.