Apple has so far said little about the furore surrounding the Pegasus spyware, developed by NSO Group and used by authorities in various countries to spy on citizens via their iPhones.

Instead, the company has been quietly preparing a lawsuit against NSO Group and its parent company Q Cyber, which has now been filed in the District Court of Northern California.

In the lawsuit, Apple complains that NSO Group has carried out cyber attacks against Apple and its customers, specifically through the "ForcedEntry" attack that exploited a now-fixed security flaw in iOS.

The goal of the lawsuit is to prohibit NSO Group from using Apple's products and services, including Apple ID and iMessage - the attacks on journalists, activists and others that have been documented were initiated with an iMessage message.

In a press release, Apple says it will notify all users who may have been targeted by the ForcedEntry attack. In the future, Apple will always notify users if it sees evidence of an attack by state-sponsored spyware.

"State-sponsored actors like the NSO Group spend millions of dollars on sophisticated surveillance technologies without effective accountability. That needs to change," said Craig Federighi.

This article originally appeared on Macworld Sweden. Translation (using DeepL) and additional reporting by David Price.