Apple Sues NSO Group After 9th Cir. Blocks Sovereign Immunity Defense in WhatsApp Case

Last week’s complaint by Apple Inc. alleges that defendants NSO Group Technologies Limited and related entity, Q Cyber Technologies Limited are “hackers— amoral 21st century mercenaries,” that illegally exploited Apple’s products to the detriment of the company and its users, all for commercial gain. On Tuesday, the Computer Fraud and Abuse Act (CFAA) case was assigned to San Francisco, Calif. Judge Maxine M. Chesney.

The complaint follows a recent Ninth Circuit decision finding that NSO Group and Q Cyber could not shield themselves from similar accusations using the doctrine of sovereign immunity. That case, filed by WhatsApp Inc. and parent Meta Platforms Inc., has been remanded to another San Francisco judge for further proceedings.

Apple’s complaint explains that the defendants develop and sell “offensive and destructive malware and spyware products and services” that have been used to target government officials, journalists, businesspeople, activists, academics, and U.S. nationals. The filing details Apple’s purportedly robust cybersecurity systems and provides several examples of how the defendants circumvented them in order to enable attacks on Apple users and data stored on their devices. 

The plaintiff ultimately seeks redress for the defendants’ alleged federal and state law violations arising from their 2021 efforts to target and attack Apple customers, Apple products and servers, and Apple. The complaint specifies that the defendants “did not breach data contained on Apple’s servers, but did abuse Apple services and servers to perpetrate attacks.” 

The complaint states four claims for relief under the CFAA, the California Business and Professions Code, and for breach of contract, specifically breach of Apple’s iCloud Terms, and in the alternative for unjust enrichment.

The suit seeks to enjoin the defendants from accessing and using any Apple servers, devices, hardware, software, and applications and from using or causing others to use malware on Apple products. It also asks the court to order the defendants to identify the location of any and all information obtained therefrom. For monetary relief, the plaintiff seeks damages and in the alternative, the disgorgement of ill-gotten profits. Apple is represented by Wilmer Cutler Pickering Hale and Dorr LLP.