WhatsApp said that it disrupted a new hacking campaign linked to NSO Group, a spyware maker that has been ensnared in countless cases of abuse all over the world. The messaging app maker accused NSO of violating an earlier court order that bars the company from targeting WhatsApp and its users with its spyware, and is seeking to hold NSO in contempt of court.
On Monday, the Meta-owned chat app announced that it “caught and disrupted spear phishing attempts linked to NSO” after an investigation prompted by user reports. “They tried to trick people into clicking on malicious links to drive them to external websites outside of WhatsApp,” the company wrote. “We also caught them creating test accounts and groups on WhatsApp, which we took down.”
WhatsApp said that the attacks were similar to another phishing campaign that relied on users clicking on malicious links, which would then lead to the targets being infected with NSO’s spyware Pegasus, a campaign that was reported in Jordan in 2024.
NSO did not respond to TechCrunch’s request for comment.
Last year, as part of a years-long lawsuit launched by WhatsApp against NSO, a court ordered the spyware maker to stop targeting WhatsApp and its users. WhatsApp claimed that the new phishing campaign revealed on Monday violated this permanent injunction, and as such filed a contempt order against NSO.
The injunction stems from a 2019 mass-hacking campaign by NSO that targeted more than 1,400 WhatsApp users. Following the discovery, WhatsApp notified the victims and sued the spyware maker. A jury ordered NSO to pay $167 million in damages, which was later lowered to $4 million.
Over the last decade, security researchers, journalists, and tech companies like WhatsApp have documented dozens of cases where government hackers used NSO’s spyware to target and hack the phones of journalists, dissidents, human rights workers, and political opponents. Tech companies have responded in several ways: exposing these hacking campaigns publicly, notifying victims, filing lawsuits against the spyware makers, and launching new special opt-in security features designed to make devices and apps harder to hack, specifically by government customers armed with powerful spyware, like NSO’s Pegasus.
At the same time, the U.S. government has also put pressure on NSO by putting it on a blocklist, and imposed sanctions on other spyware makers like Intellexa and its founder.
Last year, a group of U.S. investors purchased NSO with the hopes of cleaning up the company’s reputation, as well as lobbying the U.S. government to lift its measures against the company.
While NSO continues with its plan to enter the American market, the U.S. government has yet to remove NSO from the U.S. Commerce Department blocklist.
