Tech giant Apple announced Tuesday it is suing Israel’s NSO Group, seeking to block the world’s most infamous hacker-for-hire company from breaking into Apple’s products, like the iPhone.
Apple said in a complaint filed in federal court in California that NSO Group employees are “amoral 21st century mercenaries who have created highly sophisticated cyber-surveillance machinery that invites routine and flagrant abuse.” Apple said NSO Group’s spyware, called Pegasus, had been used to attack a small number of Apple customers worldwide.
“State-sponsored actors like the NSO Group spend millions of dollars on sophisticated surveillance technologies without effective accountability. That needs to change,” said Craig Federighi, Apple’s senior vice president of software engineering.
NSO Group has broadly denied wrongdoing and said its products have been used by governments to prevent terrorism and crime. The company did not immediately return a request for comment on Tuesday.
It’s the latest blow to the hacking firm, which was recently blacklisted by the U.S. Commerce Department and is currently being sued by social media giant Facebook.
Security researchers have found Pegasus being used around the world to break into the phones of human rights activists, journalists and even members of the Catholic clergy.
Pegasus infiltrates phones to vacuum up personal and location data and surreptitiously controls the smartphone’s microphones and cameras. Researchers have found several examples of NSO Group tools using so-called “zero click” exploits that infect targeted mobile phones without any user interaction.
The Biden administration announced this month that NSO Group and another Israeli cybersecurity firm called Candiru were being added to the “entity list,” which limits their access to U.S. components and technology by requiring government permission for exports.
Also this month, security researchers disclosed that Pegasus spyware was detected on the cellphones of six Palestinian human rights activists. And Mexican prosecutors recently announced they have arrested a businessman on charges he used the Pegasus spyware to spy on a journalist.
Facebook has sued NSO Group over the use of a somewhat similar exploit that allegedly intruded via its globally popular encrypted WhatsApp messaging app. A U.S. federal appeals court issued a ruling this month rejecting an effort by NSO Group to have the lawsuit thrown out.
Apple also announced Tuesday that it was donating $10 million, as well as any damages won in the NSO Group lawsuit, to cybersurveillance researchers and advocates.