Apple sues NSO Group over Pegasus attacks on its customers

Apple logo on the side of a building
(Image credit: Shutterstock)

Apple has filed a lawsuit against Israel-based NSO Group for allegedly hacking Apple users and violating US federal and state laws.

In addition to the lawsuit against NSO Group and its parent company OSY Technologies, Apple will also seek a permanent injunction to ban NSO Group from using any product made by Apple, including software, hardware, and services.

Apple said NSO Group has created "sophisticated, state-sponsored surveillance technology" to allow whoever purchases a licence to use it to surveil a highly targeted, small selection of individuals.

NSO Group is most famous for creating the Pegasus spyware capable of monitoring and stealing information from specific targets' devices and allegedly selling it to nation-states.

"State-sponsored actors like the NSO Group spend millions of dollars on sophisticated surveillance technologies without effective accountability. That needs to change,” said Craig Federighi, senior vice president of software engineering at Apple.

“Apple devices are the most secure consumer hardware on the market — but private companies developing state-sponsored spyware have become even more dangerous," he added. "While these cybersecurity threats only impact a very small number of our customers, we take any attack on our users very seriously, and we’re constantly working to strengthen the security and privacy protections in iOS to keep all our users safe.”

Apple plans to reveal new information about the FORCEDENTRY exploit Pegasus used to gain access to the microphone, camera, and sensitive data on iOS and Android devices as part of the lawsuit.

NSO Group's hacking history

The exploit was first discovered by Citizen Lab researchers based at the University of Toronto. Apple patched this no-click zero-day vulnerability in September this year which saw bad actors able to send malicious iMessages and infect a victim's iPhone, iPad, Apple Watch, and Mac without any user intervention.

"Part of [NSO Group's] pitch is you don’t need much sophistication; just sit at this console, enter a phone number, and presto, you can start pulling data from that phone," said John Scott-Railton, senior researcher at Citizen Lab to the Darknet Diaries podcast. "Their business model is kind of somewhere between hacking as a service and the provision of software.

"Basically what they’re offering to their customers is the ability to target an arbitrary cell phone and gain access and persistence," he added.

Earlier this year, a joint investigation by 17 global media organisations revealed that Pegasus spyware was sold to authoritarian governments and then targeted at least 50,000 journalists, government officials, human rights activists, and other high-profile figures.


Hybrid cloud for video surveillance

What it is and why you'll want one


In perhaps the most high-profile Pegasus case to date, forensic investigations following the high-profile killing of journalist Jamal Khashoggi in 2018, ordered by the Saudi Arabian government - an NSO Group client, revealed Pegasus spyware was found on his mobile phone.

Asked directly about whether it knows that Pegasus was being used to surveil journalists and violate human rights, Shalev Hulio, co-founder of and the 'S' in NSO Group, said to Darknet Diaries: "I only say that we are selling Pegasus in order to prevent crime and terror".

That's the typical line given to media from NSO Group which believes Pegasus has saved the lives of tens of thousands of people.

US sanctions and financial instability

The US imposed sanctions on NSO Group in November 2021, along with three other companies, stipulating that no US companies may have any dealings with NSO Group without a license from the US government.

The move prompted NSO Group's CEO Isaac Benbenisti to quit the role he accepted less than a week prior. Benbenisti hadn't even started his job at NSO Group before his resignation was announced a week after US sanctions were announced.

The sanctions had additional ripple effects on the company as Bloomberg reported that Wall Street is now treating it as a distressed asset, which could lead to further revenue contraction, and that it is currently struggling to repay a $500 million (£374 million) debt.

NSO Group is reportedly facing cash flow issues and recent alleged attempts to generate further sales with nations such as France - an allegation France denies - have failed.

Connor Jones

Connor Jones has been at the forefront of global cyber security news coverage for the past few years, breaking developments on major stories such as LockBit’s ransomware attack on Royal Mail International, and many others. He has also made sporadic appearances on the ITPro Podcast discussing topics from home desk setups all the way to hacking systems using prosthetic limbs. He has a master’s degree in Magazine Journalism from the University of Sheffield, and has previously written for the likes of Red Bull Esports and UNILAD tech during his career that started in 2015.