WhatsApp seeks contempt order against NSO Group over alleged spyware breach
The company filed a motion in US federal court accusing the Israeli firm of violating a 2024 injunction, following the detection of malicious links targeting fewer than 10 users in Jordan and Lebanon.
WhatsApp, the messaging service owned by Meta, has announced the disruption of a new spear-phishing campaign linked to NSO Group, the Israeli spyware manufacturer. The company filed a contempt order in a US federal court, accusing NSO of violating a permanent injunction that prohibits it from targeting WhatsApp users with its Pegasus surveillance software.
According to Meta, the disruption followed an investigation prompted by user reports. The company identified attempts to trick users into clicking malicious links that directed them to external websites, alongside the creation of test accounts and groups on the platform which were subsequently taken down. Meta confirmed that no signs of compromise were detected among the fewer than 10 identified targets, who were primarily located in Jordan and Lebanon.
The legal motion alleges that the new campaign mirrors a phishing operation reported in Jordan in 2024, which similarly relied on users clicking malicious links to infect devices with Pegasus spyware. Meta stated that the activities constituted a breach of the 2024 court order, prompting the request for a contempt ruling against the spyware maker.
This dispute originates from a 2019 mass-hacking campaign in which NSO targeted more than 1,400 WhatsApp users, including journalists, dissidents, and human rights workers. Following the discovery of the breach, WhatsApp notified the victims and initiated legal action. A US jury originally awarded WhatsApp $167 million in damages, a figure that was later reduced to $4 million.
NSO Group, which was recently purchased by a group of US investors aiming to improve its reputation and lobby for the removal of its Commerce Department blocklist, did not respond to requests for comment regarding the new allegations. The US government has yet to lift its sanctions against the firm, despite the new ownership’s efforts to facilitate market entry.
The incident highlights the ongoing tension between technology platforms and state-sponsored surveillance tools. Over the past decade, security researchers and tech companies have documented numerous cases where NSO’s spyware was used to target political opponents and civil society figures. In response, companies have increasingly adopted legal challenges and enhanced security features to protect users from such intrusions.
While US investors have sought to clean up NSO’s image and secure its place in the American market, the firm remains on the Commerce Department blocklist. The outcome of the contempt proceedings filed by Meta remains pending, with the court yet to rule on whether NSO has violated the existing injunction.
