“NSO is behaving exactly like the dictators it serves”
WhatsApp says it blocked a new Pegasus-linked phishing campaign and will ask a U.S. court to sanction NSO for allegedly violating a permanent injunction. John Scott-Railton, senior researcher at the Citizen Lab at the University of Toronto, added that “these allegations strengthen the case for keeping the company on the U.S. Commerce Department's blacklist.”
WhatsApp said on Monday that it had detected and blocked attempts by Israeli spyware company NSO Group to target users through a phishing campaign conducted via the messaging platform. Meta's messaging subsidiary now plans to ask a U.S. federal court to hold NSO in contempt for allegedly violating a court order.
In May, a U.S. federal court ordered NSO to pay WhatsApp approximately $167 million in damages after finding the company liable for hacking more than 1,400 WhatsApp users. The court also issued a permanent injunction prohibiting NSO from targeting WhatsApp users, accessing WhatsApp systems, or using the platform to facilitate hacking operations.
WhatsApp now claims NSO violated that injunction.
"We successfully disrupted NSO-linked social engineering attempts, after investigating user reports. They tried to trick people into clicking on malicious links to drive them to external websites outside of WhatsApp, similar to previously reported 1-click phishing campaigns linked to NSO. We also caught them creating test accounts and groups on WhatsApp, which we took down," WhatsApp said.
"We are sharing threat indicators so that anyone can check if they were targeted by NSO-linked social engineering attempts across any platform — be it text message, email, WhatsApp message, or something else."
According to WhatsApp, it will ask a U.S. federal court to impose sanctions on NSO for violating the permanent injunction issued last year. The company argues that the alleged activity demonstrates continued efforts to target users despite the court's restrictions.
As part of its broader campaign against the commercial spyware industry, WhatsApp also announced a contribution to the Spyware Accountability Initiative, a coalition of civil society groups, cybersecurity researchers, and digital rights organizations focused on detecting, investigating, and combating digital surveillance operations worldwide.
"NSO Group is behaving exactly like the dictators it serves," said John Scott-Railton of the Citizen Lab research center at the University of Toronto. "They treat U.S. courts as something they can bypass and hope no one notices. It's encouraging to see WhatsApp remain vigilant against NSO's activities. You cannot turn your back on NSO Group or the broader spyware-for-hire industry."
Scott-Railton added that the allegations reinforce concerns about NSO's conduct and could strengthen arguments for maintaining restrictions on the company. "NSO is proving through its actions that it cannot be trusted," he said. "Ultimately, these allegations strengthen the case for keeping the company on the U.S. Commerce Department's blacklist."
