IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Apple sues NSO Group over Pegasus attacks on its customers

The lawsuit claims 'flagrant' violations of US federal and state law from the Israeli firm behind the infamous spyware

Apple has filed a lawsuit against Israel-based NSO Group for allegedly hacking Apple users and violating US federal and state laws.

In addition to the lawsuit against NSO Group and its parent company OSY Technologies, Apple will also seek a permanent injunction to ban NSO Group from using any product made by Apple, including software, hardware, and services.

Apple said NSO Group has created "sophisticated, state-sponsored surveillance technology" to allow whoever purchases a licence to use it to surveil a highly targeted, small selection of individuals.

NSO Group is most famous for creating the Pegasus spyware capable of monitoring and stealing information from specific targets' devices and allegedly selling it to nation-states.

"State-sponsored actors like the NSO Group spend millions of dollars on sophisticated surveillance technologies without effective accountability. That needs to change,” said Craig Federighi, senior vice president of software engineering at Apple.

“Apple devices are the most secure consumer hardware on the market — but private companies developing state-sponsored spyware have become even more dangerous," he added. "While these cybersecurity threats only impact a very small number of our customers, we take any attack on our users very seriously, and we’re constantly working to strengthen the security and privacy protections in iOS to keep all our users safe.”

Apple plans to reveal new information about the FORCEDENTRY exploit Pegasus used to gain access to the microphone, camera, and sensitive data on iOS and Android devices as part of the lawsuit.

NSO Group's hacking history

The exploit was first discovered by Citizen Lab researchers based at the University of Toronto. Apple patched this no-click zero-day vulnerability in September this year which saw bad actors able to send malicious iMessages and infect a victim's iPhone, iPad, Apple Watch, and Mac without any user intervention.

"Part of [NSO Group's] pitch is you don’t need much sophistication; just sit at this console, enter a phone number, and presto, you can start pulling data from that phone," said John Scott-Railton, senior researcher at Citizen Lab to the Darknet Diaries podcast. "Their business model is kind of somewhere between hacking as a service and the provision of software.

"Basically what they’re offering to their customers is the ability to target an arbitrary cell phone and gain access and persistence," he added.

Earlier this year, a joint investigation by 17 global media organisations revealed that Pegasus spyware was sold to authoritarian governments and then targeted at least 50,000 journalists, government officials, human rights activists, and other high-profile figures.

Related Resource

Hybrid cloud for video surveillance

What it is and why you'll want one

Wasabi_Hybrid_Cloud_Video_Surveillance_WP_coverFree download

In perhaps the most high-profile Pegasus case to date, forensic investigations following the high-profile killing of journalist Jamal Khashoggi in 2018, ordered by the Saudi Arabian government - an NSO Group client, revealed Pegasus spyware was found on his mobile phone.

Asked directly about whether it knows that Pegasus was being used to surveil journalists and violate human rights, Shalev Hulio, co-founder of and the 'S' in NSO Group, said to Darknet Diaries: "I only say that we are selling Pegasus in order to prevent crime and terror".

That's the typical line given to media from NSO Group which believes Pegasus has saved the lives of tens of thousands of people.

US sanctions and financial instability

The US imposed sanctions on NSO Group in November 2021, along with three other companies, stipulating that no US companies may have any dealings with NSO Group without a license from the US government. 

The move prompted NSO Group's CEO Isaac Benbenisti to quit the role he accepted less than a week prior. Benbenisti hadn't even started his job at NSO Group before his resignation was announced a week after US sanctions were announced.

The sanctions had additional ripple effects on the company as Bloomberg reported that Wall Street is now treating it as a distressed asset, which could lead to further revenue contraction, and that it is currently struggling to repay a $500 million (£374 million) debt.

NSO Group is reportedly facing cash flow issues and recent alleged attempts to generate further sales with nations such as France - an allegation France denies - have failed.

Featured Resources

Four strategies for building a hybrid workplace that works

All indications are that the future of work is hybrid, if it's not here already

Free webinar

The digital marketer’s guide to contextual insights and trends

How to use contextual intelligence to uncover new insights and inform strategies

Free Download

Ransomware and Microsoft 365 for business

What you need to know about reducing ransomware risk

Free Download

Building a modern strategy for analytics and machine learning success

Turning into business value

Free Download

Recommended

Apple "completely redesigns" IT certifications, introduces two new exams
Careers & training

Apple "completely redesigns" IT certifications, introduces two new exams

19 May 2022
Apple executive rejoins Google over remote work policy
flexible working

Apple executive rejoins Google over remote work policy

18 May 2022
The Total Economic Impact™ of Apple Mac in Enterprise: M1 update
Whitepaper

The Total Economic Impact™ of Apple Mac in Enterprise: M1 update

12 May 2022
Three lessons the iPod can teach us about disruption
Technology

Three lessons the iPod can teach us about disruption

11 May 2022

Most Popular

Russian hackers declare war on 10 countries after failed Eurovision DDoS attack
hacking

Russian hackers declare war on 10 countries after failed Eurovision DDoS attack

16 May 2022
Researchers demonstrate how to install malware on iPhone after it's switched off
Security

Researchers demonstrate how to install malware on iPhone after it's switched off

18 May 2022
Windows Server admins say latest Patch Tuesday broke authentication policies
Server & storage

Windows Server admins say latest Patch Tuesday broke authentication policies

12 May 2022