On 23^rd November 2021, Apple sue NSO Group and its parent company Q Cyber Technologies in a U.S. federal court for illegally targeting users with the Pegasus spyware.

“Apple today filed a lawsuit against NSO Group and its parent company to hold it accountable for the surveillance and targeting of Apple users. The complaint provides new information on how NSO Group infected victims’ devices with its Pegasus spyware. To prevent further abuse and harm to its users, Apple is also seeking a permanent injunction to ban NSO Group from using any Apple software, services, or devices.” stated the published article from Apple

NSO Group is an Israeli technology firm which is famous as the Pegasus spyware maker. The create state-sponsored spyware are used on to attack a small number of users in multiple platforms like IOS and Android mainly targeting journalists, activists, dissidents, academics, and government officials.

“State-sponsored actors like the NSO Group spend millions of dollars on sophisticated surveillance technologies without effective accountability. That needs to change,” said Craig Federighi, Apple’s senior vice president of Software Engineering.

He further said ““Apple devices are the most secure consumer hardware on the market — but private companies developing state-sponsored spyware have become even more dangerous. While these cybersecurity threats only impact a very small number of our customers, we take any attack on our users very seriously, and we’re constantly working to strengthen the security and privacy protections in iOS to keep all our users safe.”

Apple plans to notify users who have been targeted by this state-sponsored attacks. They will display a “threat Notification” when the users sign into applied.apple.com and will also email and iMessage to required Apple users. Apple also said that they will contribute $10 million to organizations that are involved in cyber-surveillance research and advocates.

The complaint of Apple on NSO reads as “On information and belief, after obtaining Apple IDs, Defendants executed the FORCEDENTRY exploit first by using their computers to contact Apple servers in the United States and abroad to identify other Apple devices. Defendants contacted Apple servers using their Apple IDs to confirm that the target was using an Apple device. Defendants would then send abusive data created by Defendants through Apple servers in the United States and abroad for purposes of this attack. The abusive data was sent to the target phone through Apple’s iMessage service, disabling logging on a targeted Apple device so that Defendants could surreptitiously deliver the Pegasus payload via a larger file. That larger file would be temporarily stored in an encrypted form unreadable to Apple on one of Apple’s iCloud servers in the United States or abroad for delivery to the target”

Reference

• Apple Press Release
• Apple vs NSO Compliant