Microsoft joins Google in legal brief to stop spyware vendors, even from overseas

Microsoft, alongside Google and other industry partners, has filed an amicus brief in the case Dada v. NSO Group to combat the threat posed by cyber mercenaries—private entities that develop and sell offensive cyber tools.

They argue that these actors, like NSO Group, damage global security and privacy and should face legal consequences for their actions. The brief also urges stronger legal backing for victims of cyberattacks to seek action even if the attack happens outside US soil under anti-hacking laws.

“Cyber mercenaries like NSO Group have exploited our technology by attacking our users and we believe that those who have been victimized are entitled to legal recourse even if they are located outside the United States,” Microsoft says.

Google also says that it was the first to reveal details about NSO Group’s Pegasus spyware and found that many exploits targeting its products come from commercial spyware vendors, dated all the way back to 2017.

Microsoft has had enough of cybersecurity attacks. A few years back, Russian hackers (APT29) broke into US government agencies through a SolarWinds attack, prompting a White House emergency and FBI involvement.

Then, Chinese hackers (Storm-0558) also exploited a Microsoft cloud flaw to access emails from about 25 organizations, including US government agencies, for a month before being caught.

Something needed to be done, so the Redmond tech giant introduced the Secure Future Initiatives to boost security with automation, faster fixes, improved settings, and stronger default protections like Multi-Factor Authentication (MFA). The initiative will be in place starting in September this year, and as a part of that, Microsoft’s employees in China will be required to switch from Android to iPhones due to security concerns and compatibility with MFA requirements.