Discussion (61 Comments) | Read Original on HackerNews

petcat about 3 hours ago
> In May 2026, Kouloglou contacted the Citizen Lab and we conducted a forensic analysis of artifacts from his iPhone. We found with high confidence that his device was successfully infected with Pegasus spyware on or around October 21, 2022, and again on March 6 and 7, 2023.
matheusmoreira about 2 hours ago
I wonder if we can forensically analyze our own phones to see if some nutjob with Pegasus has targeted us as well.
mikeponders about 1 hour ago
matheusmoreira about 1 hour ago
Thanks!
sanguinesphinx about 1 hour ago
How many nutjobs with Pegasus are really running around out there?
chatmasta about 1 hour ago
I think OP is more worried about one nutjob with a lot of targets.
theoreticalmal 25 minutes ago
If I could deploy Pegasus to randoms, I probably would. Wouldn’t do anything with it, but it’d be a cool project
VWWHFSfQ about 3 hours ago
> Further validating our finding of targeting, our forensic analysis shows Kouloglou received multiple Apple threat notifications about targeting with mercenary spyware on three occasions: March 2, 2023, August 29, 2023, and April 10, 2024. It is important to note that threat notifications from Apple and other companies are not real-time alerts. They are typically sent to users in batches, often months or more after targeting takes place.

> Kouloglou reports to us that he did not recall receiving the Apple notifications we observed.

Am I understanding this correctly that Apple sent him notifications that he was being monitored and he ignored them?

pmontra about 3 hours ago
"he did not recall receiving the Apple notifications" so he didn't notice them.
bawolff about 2 hours ago
That is kind of surprising given he is on the committee investigating Pegasus. I'd assume someone on the committee would be paying much more attention to this than a normal person.

I wonder what triggered him to suspect he was hacked then. Since presumably something triggered him to have his phone forensically investigated.

chatmasta about 1 hour ago
Do they send them via notification infrastructure or email? Personally I almost never check the email associated with my Apple ID so I would miss those. But if all my Apple devices were notifying me and I had a badge in Settings.app, I’d notice.

Then again, you’d think that’s the kinda thing malware developers would spend some time learning to hide from the user.

arka2147483647 about 2 hours ago
Could those have been intercepted or suppressed somehow?
captn3m0 about 2 hours ago
Do we know how Apple sends these? Is it just a notification, or also email?
lostlogin about 1 hour ago
I could be wrong here, but I can’t see any way of viewing old notifications.

It isn’t hard to accidentally dismiss one then wonder what it was. Why isn’t there an interface for looking back?

Edit: below it says there are emails and notices on web login.

saintfire about 2 hours ago
I mean his device was pwnd completely. It's not a stretch that attempts to warn are suppressed.

That or he didn't notice or could have assumed the notice itself was one of many phishing attempts against large orgs.

If I saw a notification that my account was compromised by Pegasus I'd personally assume phishing.

stavros about 2 hours ago
Kouloglou is a famous investigative journalist, not you and me. Yes you and I might think we're being scammed, but someone who actually spent a lot of their life getting death threats probably would pay more attention.
EA-3167 about 2 hours ago
That seems to be the case, although he claims to have somehow missed them. Overall this is one of those stories that's obviously an outrage, except for the fact that every country on Earth spies on the rest, and quite a few private entities do as well. Still the way the game is played if you get caught you have to act ashamed, and the people catching you get to gloat.

It's silly, but it's a show the public never tires of.

healthworker about 2 hours ago
In this case he was investigating misuse of Pegasus spyware specifically, and was targeted with it while doing so. That's obstruction of justice, morally speaking, and would feel very scary, in that it would make you feel that this company might be so powerful that investigating it is personally dangerous.
hammock about 2 hours ago
The US does not spy on Five Eyes government leadership or that of Israel. And perhaps more: in the wake of Snowden, which obliterated many diplomatic relationships the U.S. has with other countries, Obama issued a directive that the U.S. would not monitor heads of state and government of close friends and allies (even outside Five Eyes) unless there was a compelling national security reason. As far as we know that directive has remained in force with each successive administration as well.

They spy on most others though. Germany’s Merkel, successive French presidents etc. all had their phones hacked by the US, of which there is widely reported news.

freehorse about 1 hour ago
> we note an overlap between the first infection and a previously identified Pegasus campaign targeting Russian and Belarusian-speaking exiled journalists and activists in Europe, suggesting a Pegasus customer with authorization to spy in multiple European countries is responsible.

Who has "authorization to spy in multiple European countries"?

In this older article [0] about one of the mentioned Russian exiles' cases, it is mentioned that Estonia and the Netherlands have used Pegasus outside their borders, but there could also be others with such a license.

> the Netherlands’ General Intelligence and Security Service (AIVD) and an unnamed Estonian government agency, appear to use Pegasus extensively outside their borders, including within multiple European countries

However, if the link between the Russian exiles' cases and Kouloglou checks out (through use of the same mode of attack), a country like Estonia sounds more likely. However, it can always be that an agency with access to Pegasus uses it collaborating with/on behalf of an agency without.

[0] https://www.accessnow.org/publication/hacking-meduza-pegasus...

bawolff about 2 hours ago
One interesting thing here is they imply that both confidential personal medical information and confidential gov docs might have been compromised via the same phone.

Does the EU Parliament not have a policy of separating work and personal devices?

dewey about 2 hours ago
Having a policy and what happens in the real world are most of the time very different things (Understandably, as the line between work and personal time is often blurry).
bawolff about 2 hours ago
True but one would hope though that people dealing with national security would follow more than your average employee.
throw0101d about 2 hours ago
> True but one would hope though that people dealing with national security would follow more than your average employee.

The more important you are the more you may think that exceptions can be made for you.

drdexebtjl about 1 hour ago
From what I understood, he took his compromised work phone to the hospital, and the concern is that it may have recorded conversations that contained personal medical information.

He didn’t have medical information on the phone.

elorant about 2 hours ago
Around that time a lot of politicians in Greece had their phones hacked by Pegasus. It's an ongoing scandal in Greece that never got fully resolved, although all evidence indicates that it was an operation orchestrated by the office of the prime minister in coordination with the local intelligence service. So I wouldn't call that an attack against the European Parliament.
freehorse about 1 hour ago
Small correction: that is Predator/Intellexa, not Pegasus/NSO. So this is different.
Krasnol about 2 hours ago
Same story in Poland:

https://notesfrompoland.com/2026/02/26/poland-charges-former...

Everything looks like a nail if you have a hammer.

0x_rs about 1 hour ago
Just for context, some European countries have been abusing spyware such as Pegasus so much that Israeli firms have cut ties with them, one such example below with Italy. Others have pointed out Greece and Poland. It's quite laughable that a member of the EU Parliament would be subject to the same kind of spying activities innocent journalists, activists and possibly normal people are, all of that by the member states of the union, directly contributing to the Israeli companies developing and spreading malware.

https://www.bbc.com/news/articles/cvgmzdjw24yo

notrealyme123 about 1 hour ago
Cutting ties after there has been an outcry is damage control. I would assume that the product is still available under another sub vendor to the same people.
omnimus about 1 hour ago
Of course it's damage control. The post just tries to paint the Europeans as incompetent to hold the power. The company making spyware is somehow wise, righteous and saintly.
jojobas about 1 hour ago
Euro Parliament/Euro Commission are comically open to espionage. French/Belgian counterintelligence are not allowed to do much, and there is little in terms of EU counterintelligence.
Hizonner 38 minutes ago
How is it that any NSO employee is still able to travel outside Israel without getting arrested? Seems like they're involved in criminal conspiracies in like half the countries in the world.
an0malous 33 minutes ago
Because that would be antisemitic