
I read that if Pegasus is on your phone, even a factory reset will not get rid of it. Could someone explain why?


I am not an expert, but my belief is that Pegasus does not maintain persistence.

While the Wikipedia article claims Pegasus "jailbreaks" the iPhone to maintain persistence, every technical article I've read says that a reboot clears Pegasus (albeit it is easy to re-infect with a no-click exploit without the user's knowledge).

Hopefully, someone more knowledgeable can chime in with citations.


Generally these attacks do not persist, as this is quite a bit more challenging.


Haven't read about Pegasus, but what you describe is the behavior of bootkits. Factory reset does not imply that you erase 100% of your permanent storage: some part of it should contain the system programs to restore the system. If these system programs or the clean OS image are modified, then factory reset won't help.


I don’t know about the original claim either way, but I would be even more impressed and scared if it survived an iTunes restore (basically a PC reflashes the iPhone’s OS image with an image downloaded from Apple.)


If the malware controls the bootloader nothing will help: it can imitate any kind of restore, modifying the OS image on the fly.


Apple has firmware restore features in ROM. I would also assume (hope?) that there’s a procedure to enter the ROM-based restore that is impossible to intercept in software (maybe holding the power button for 10 seconds initiates a hardware reset into the ROM.)


There is.


Everything is signed.

It should not be even remotely possible.


Should. But we are talking about software vulnerabilities here. It means that things do not work as intended.


All code is signed on Apple’s platforms. Most exploits have a codesigning bypass of some sort.

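The comments above about a ROM-based restore, a bootloader that "modifies the OS image on the fly", and "everything is signed" describe one mechanism: a chain of trust rooted in a key that software cannot rewrite. The toy model below is an added example written for this thread, not code from the thread, from Apple, or from any analysis of Pegasus; the two-stage layout, the key names (`RomKey`, root key, OS-signing key) and the tampering cases are assumptions chosen to illustrate the idea, not a description of Apple's actual key hierarchy. It shows why a purely software-resident bootkit cannot survive a restore that is verified from ROM: the OS image is checked with a key carried inside the signed bootloader, the bootloader is checked with the key burned into ROM, and the signature over the bootloader also covers the carried key, so swapping that key breaks the bootloader's own signature. It equally shows what the "we are talking about software vulnerabilities" reply means: every guarantee here rests on the ROM check itself being correct and unbypassable.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Stage is one link in the boot chain. The key that verifies a stage never
// sits next to it: it lives in the stage before it, or in ROM for the first
// stage. NextKey is the public key this stage carries for verifying the
// stage after it (nil for the last stage).
type Stage struct {
	Name      string
	Payload   []byte
	NextKey   ed25519.PublicKey
	Signature []byte
}

// digest binds name, payload and the carried next-stage key into one
// message, so a signature over it also pins which key may verify the
// next stage.
func digest(s Stage) []byte {
	h := sha256.New()
	h.Write([]byte(s.Name))
	h.Write(s.Payload)
	h.Write(s.NextKey)
	return h.Sum(nil)
}

// Vendor models the party holding the signing keys (hypothetical layout).
// RomKey is burned into the device at manufacture; software cannot change it.
type Vendor struct {
	rootPriv ed25519.PrivateKey
	osPriv   ed25519.PrivateKey
	RomKey   ed25519.PublicKey
}

func NewVendor() (*Vendor, error) {
	rootPub, rootPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	_, osPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Vendor{rootPriv: rootPriv, osPriv: osPriv, RomKey: rootPub}, nil
}

// BuildChain produces the two signed stages a restore writes to storage:
// the bootloader (signed by the root key, carrying the OS-signing public key)
// and the OS image (signed by the OS-signing key).
func (v *Vendor) BuildChain(bootloader, osImage []byte) []Stage {
	bl := Stage{Name: "bootloader", Payload: bootloader,
		NextKey: v.osPriv.Public().(ed25519.PublicKey)}
	bl.Signature = ed25519.Sign(v.rootPriv, digest(bl))
	osStage := Stage{Name: "os", Payload: osImage}
	osStage.Signature = ed25519.Sign(v.osPriv, digest(osStage))
	return []Stage{bl, osStage}
}

// VerifyChain is the ROM's job at boot: check stage 0 with the ROM key, then
// check each later stage with the key carried by the stage just verified.
// The first failure stops the boot.
func VerifyChain(romKey ed25519.PublicKey, chain []Stage) error {
	key := romKey
	for _, s := range chain {
		if len(key) != ed25519.PublicKeySize {
			return fmt.Errorf("stage %q: no verifying key", s.Name)
		}
		if !ed25519.Verify(key, digest(s), s.Signature) {
			return fmt.Errorf("stage %q: signature invalid", s.Name)
		}
		key = s.NextKey
	}
	return nil
}

// cloneChain deep-copies payloads so a tampering case cannot touch the clean chain.
func cloneChain(c []Stage) []Stage {
	out := make([]Stage, len(c))
	for i, s := range c {
		out[i] = s
		out[i].Payload = append([]byte(nil), s.Payload...)
	}
	return out
}

// Scenarios runs a clean restore and three tampering cases against the same
// ROM key and returns each verification result (nil means the device boots).
func Scenarios() (map[string]error, error) {
	v, err := NewVendor()
	if err != nil {
		return nil, err
	}
	clean := v.BuildChain([]byte("bootloader (constructed)"), []byte("os image (constructed)"))
	res := map[string]error{"clean restore": VerifyChain(v.RomKey, clean)}

	// 1. Malware patched the OS image on storage after the restore.
	patched := cloneChain(clean)
	patched[1].Payload[0] ^= 0xff
	res["os image patched"] = VerifyChain(v.RomKey, patched)

	// 2. Malware replaced both stages with its own, signed under its own keys.
	attacker, err := NewVendor()
	if err != nil {
		return nil, err
	}
	res["attacker-signed chain"] = VerifyChain(v.RomKey,
		attacker.BuildChain([]byte("evil bootloader"), []byte("evil os")))

	// 3. Malware kept the genuine bootloader bytes but swapped the carried key
	//    for its own and re-signed the OS image under that key.
	swapped := cloneChain(clean)
	swapped[0].NextKey = attacker.RomKey
	swapped[1].Signature = ed25519.Sign(attacker.rootPriv, digest(swapped[1]))
	res["next-stage key swapped"] = VerifyChain(v.RomKey, swapped)
	return res, nil
}

func main() {
	res, err := Scenarios()
	if err != nil {
		panic(err)
	}
	for name, e := range res {
		fmt.Printf("%-24s -> %v\n", name, e)
	}
}
```

Only the clean restore verifies; the three tampered chains fail at the first stage whose signature no longer matches (the OS stage for the patched image, the bootloader stage for the other two). The model deliberately omits what a real design adds on top, such as anti-rollback counters and device-specific personalization of images, and it says nothing about how a given exploit bypasses code signing at runtime.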

Here is a very technical breakdown of the malware: https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegas...


Note that this is a very old analysis.


If you're being targeted with anything like Pegasus (i.e. a state sponsored attack), you should definitely assume that even a factory reset will not fix the issue. It's more about "better safe than sorry" than anything that can be said with certainty, since these attacks may evolve over time.
