Apple stops warning of 'state-sponsored' attacks, now alerts about 'mercenary spyware' Apple has made a significant change to the wording of its threat notifications, opting not to attribute attacks to a specific source or perpetrator, but categorizing them broadly as "mercenary spyware." With the revised verbiage, announced Wednesday, Apple is referring to the infection of devices with NSO Group's Pegasus …
According to the Cambridge Dictionary ( https://dictionary.cambridge.org/dictionary/english/mercenary ) the adjective means "interested only in the amount of money that you can get from a situation"...
Sounds to me like how Amazon, Apple, Google, Meta (aka Facebook), Microsoft, X (formerly known as Twitter) and so many other "big corporates" operate
NSO claims all the time to be state-sponsored, so much that they claim to have all the immunity of host governments whenever they face legal consequences (they don't really get it, but they try). It's more that, when NSO or some criminal group like them sells their product to a private actor, it can't really be said to be state-sponsored. The criminals spying on you aren't a government. The ones who made the tool aren't a government. If the latter group is NSO, you can claim that Israel is responsible for all NSO's actions as they condone their existence, but if it's a different company, that may not be the case, and if it is, it may not be easy to prove. Hence, Apple has made their message more generic so it covers cases where it isn't a state-sponsored one.
Could I request you to read two things. The first is the dictionary definition of the word "or". The second is this sentence from my post, which I'll repeat with the or capitalized for your convenience:
"It's more that, when NSO OR some criminal group like them sells their product to a private actor,"
NSO claims not to sell to private actors. Let's say we believe them. Fine, it's never NSO who is responsible for a private attack. Companies that produce tools similar to NSO do sell to private actors, and those private actors use them against their targets. Hence, there are still companies that sell tools to do this and do conduct private attacks. My post repeatedly makes the point that there are people other than NSO who develop similar tools, that NSO is often the exception to the rules, and that the message makes more sense for companies other than NSO. You appear to have disagreed with me based on the flawed assumption that NSO was the only company I considered.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
