WhatsApp Moves to Hold NSO Group in Contempt After New Spear-Phishing Campaign
Table of Contents
The Return of the Phishing Link
WhatsApp has announced the disruption of a targeted hacking campaign linked to NSO Group, the controversial Israeli surveillance firm behind the Pegasus spyware. The move is more than a technical patch; it is a legal escalation. Meta-owned WhatsApp is now seeking to hold NSO in contempt of court, alleging that the company flagrantly ignored a permanent injunction barring it from targeting the app and its user base.
The latest activity was uncovered following reports from users and a subsequent internal investigation. According to WhatsApp, the attackers utilized spear-phishing techniques—highly targeted messages designed to trick specific individuals into clicking malicious links. These links were intended to redirect users to external websites where the spyware could be deployed, effectively bypassing the app’s encrypted environment by attacking the user’s browser or operating system.
Beyond the phishing links, WhatsApp reports that NSO agents were caught creating test accounts and groups within the platform to refine their delivery methods. All identified accounts have since been banned.
A Pattern of Persistence
The technical signature of this campaign bears a striking resemblance to a 2024 operation reported in Jordan, where Pegasus was used to infiltrate devices via similar social engineering tactics. This persistence highlights a critical tension in modern cybersecurity: while end-to-end encryption protects the content of messages, it cannot prevent an attacker from using the delivery mechanism of a message to compromise the entire device.
This is not the first time WhatsApp and NSO have clashed in the courtroom. The current legal battle is a continuation of a saga that began in 2019, when a massive hacking campaign targeted over 1,400 WhatsApp users. That original suit resulted in a jury ordering NSO to pay $167 million in damages—a figure that was later significantly reduced to $4 million. However, the more critical outcome was the permanent injunction that legally prohibited NSO from targeting WhatsApp’s infrastructure.
The Geopolitics of Commercial Spyware
The conflict between Meta and NSO Group serves as a proxy for a larger global debate over the sale of military-grade surveillance tools to civilian governments. Over the last decade, reports from researchers and human rights organizations have detailed how Pegasus has been deployed by various regimes to monitor journalists, political dissidents, and human rights defenders.
In response, the U.S. government has taken aggressive steps to marginalize NSO. The company remains on the U.S. Commerce Department’s blocklist, a move that severely limits its ability to do business with American firms and access U.S. technology. Similar sanctions have been levied against other players in the “mercenary spyware” market, such as Intellexa.
Despite these pressures, NSO has attempted a corporate pivot. Last year, a group of U.S.-based investors acquired the company with the explicit goal of rebranding and scrubbing its reputation. The new ownership has lobbied the U.S. government to lift the sanctions, hoping to open the lucrative American market. However, this latest phishing campaign suggests that the company’s operational habits may be harder to change than its ownership structure.
Strengthening the Perimeter
To combat these sophisticated threats, tech companies have moved beyond simple updates. WhatsApp has introduced specialized security features, including opt-in protections designed specifically for high-risk users—such as diplomats and activists—who are most likely to be targeted by state-sponsored actors. These measures aim to reduce the attack surface and provide earlier warnings when a device may have been compromised.
As the contempt proceedings move forward, the case will likely center on whether NSO’s new activity constitutes a willful violation of the court’s previous order. If the court finds NSO in contempt, it could lead to further financial penalties or more stringent judicial oversight of the company’s operations.
