Many of the Pegasus attacks are zero-click, so no link is needed. All they need to do is send you a message and you are compromised.
They presumably also configure their command and control to only persist if it is one of the designated targets and wipe all traces if it is not, so even forwarding the attack payload would probably not do anything. You would need to determine you have been compromised and then reverse engineer the exploit so you could replace the command payload with a irreversible bricking operation to do what you suggest.
At that point you might as well spend the $5M-$10M to develop the entire attack yourself. If you are a competitor to Apple spending $10M to completely destroy the $2.7T Apple is literal pocket change; too small to even show up on your financials.
> If you are a competitor to Apple spending $10M to completely destroy the $2.7T Apple is literal pocket change; too small to even show up on your financials.
You're comparing two near completely unrelated numbers here. That's not what enterprise value means; it doesn't mean much of anything really.
It works the usual way -- you make a payload that, when processed by a buggy code, executes itself. If the buggy code happens to be SMS packet parser, image decoder, text rendering, blocklist check or another 2 millions of things that happen to show you incoming SMS (or even better, flash message, or something not visible to user), then you don't have to click on it.
I mean if the bug in the browser, you have to visit the page to have the payload get to you, but it's a phone. A device for other people to contact you.
They presumably also configure their command and control to only persist if it is one of the designated targets and wipe all traces if it is not, so even forwarding the attack payload would probably not do anything. You would need to determine you have been compromised and then reverse engineer the exploit so you could replace the command payload with a irreversible bricking operation to do what you suggest.
At that point you might as well spend the $5M-$10M to develop the entire attack yourself. If you are a competitor to Apple spending $10M to completely destroy the $2.7T Apple is literal pocket change; too small to even show up on your financials.