Hours after Apple filed a lawsuit against Israeli spyware maker NSO Group, it sent threat notification alerts to notify victims of state-sponsored hackers that they had been targets, including activists and researchers in Thailand, El Salvador and Uganda.
In El Salvador, for example, at least a dozen staff members of a newspaper known to be deeply critical of the government were alerted. The message sent from Apple warns: "Apple believes you are being targeted by state-sponsored attackers who are trying to remotely compromise the iPhone associated with your Apple ID. These attackers are likely targeting you individually because of who you are or what you do."
Further it said, "If your device is compromised by a state-sponsored attacker, they may be able to remotely access your sensitive data, communications, or even the camera and microphone. While it’s possible this is a false alarm, please take this warning seriously."
On Tuesday Apple filed suit in a US federal court against NSO Group over its notorious Pegasus malware, seeking to collect what appear to be largely symbolic damages of over $75,000. But ultimately the legal action is toward gaining a permanent injunction which would bar the Israeli firm from ever using Apple software or devices.
Further the US company is using the lawsuit as a "warning" to other international makers of spyware. The following is the statement released by Apple and in the lawsuit:
"The steps Apple is taking today will send a clear message: in a free society, it is unacceptable to weaponize powerful state-sponsored spyware against innocent users and those who seek to make the world a better place," Ivan Krstic, Apple’s head of security engineering and architecture, said in a tweet.
NSO Group software permits "attacks, including from sovereign governments that pay hundreds of millions of dollars to target and attack a tiny fraction of users with information of particular interest to NSO’s customers," Apple said in the lawsuit filed in federal court in the Northern District of California, saying that it is not “ordinary consumer malware."
NSO Group is well-known to work closely with the Israeli government as a key defense contractor, and government authorities oversee and regulate the export of Pegasus as a unique defense technology which must be prevented from being used by Israel's enemies. The spyware is actually controlled for export in the same way that weapons would be.
It's believed the Saudis, for example, used such technology to hack and track journalists and dissidents, such as the murdered Jamal Khashoggi, killed at the Istanbul consulate in 2018 at the hands of Saudi operatives on orders from the kingdom.
Revelations starting in 2018 detailed that the cutting edge spyware was used by foreign governments to hack Western allies, including accessing the mobile numbers of French President Emmanuel Macron and much of his cabinet. But it appears many more victims on the list were activists, journalists, and political oppositionists in various countries, often whose governments are seen as friendly to Israel.
The Israeli government itself has come under fresh pressure, including from the Biden administration, over the whole scandal. At the start of this month NSO Group and another Israeli spyware company were placed on a US blacklist by the Biden administration, in an almost unprecedented US move targeting of an Israeli entity. US firms or entities now have to seek a special US waiver if they want to do business with the company. The White House said it moved against NSO for having acted "contrary to the foreign policy and national security interests of the US". It appears Apple is now trying to tighten the noose.