Meta-owned messaging giant WhatsApp has detected and dismantled a new spear-phishing campaign linked to the controversial Israeli spyware developer NSO Group. The discovery has prompted WhatsApp to seek a contempt of court order against NSO, alleging that the spyware maker violated a permanent injunction issued last year. This previous court order explicitly prohibited NSO from targeting WhatsApp, its infrastructure, and its global user base.

The newly uncovered campaign involved highly targeted phishing attempts designed to deceive users into clicking malicious links. These links were intended to redirect targets to external websites, where their devices could be compromised. WhatsApp’s internal investigation, which was triggered by user reports, also revealed that NSO-linked actors had set up test accounts and groups on the platform. WhatsApp has since deactivated these accounts. The tactics mirror a 2024 phishing campaign in Jordan that used similar malicious links to deploy NSO’s notorious Pegasus spyware.

This legal clash is the latest chapter in a long-running battle between the tech giant and the spyware firm. The conflict dates back to a 2019 mass-hacking incident where NSO’s software was used to target over 1,400 WhatsApp users, leading to a lawsuit and a subsequent damages ruling. Over the past decade, cybersecurity researchers and tech firms have repeatedly documented how government clients use NSO’s tools to spy on journalists, political dissidents, and human rights advocates.

In response to these persistent threats, tech companies have ramped up security measures, introduced specialized lockdown modes, and actively notified affected users. Meanwhile, the U.S. government has maintained pressure on NSO Group, keeping it on a trade blacklist despite recent efforts by American investors to rehabilitate the company’s reputation and lobby for the removal of federal sanctions.

Key Takeaways

• WhatsApp disrupted a new spear-phishing campaign linked to NSO Group that attempted to lure users to malicious external websites.
• The messaging platform is seeking to hold NSO Group in contempt of court for violating a prior permanent injunction banning them from targeting WhatsApp users.
• Despite efforts by new U.S. investors to rehabilitate NSO's reputation, the company remains on the U.S. Commerce Department's blacklist.

Editor’s Analysis & Impact

The ongoing legal and technical warfare between WhatsApp and NSO Group highlights a broader, systemic conflict within the global cybersecurity landscape. Commercial spyware has evolved into a highly potent weapon for state actors, forcing private tech giants to step into the role of defense forces for civilian digital infrastructure. WhatsApp’s aggressive legal strategy—seeking contempt charges—demonstrates that tech firms are no longer relying solely on software patches to defend their ecosystems; they are leveraging the judiciary to impose financial and reputational costs on spyware developers. However, as long as there is high-state demand for zero-click exploits and targeted surveillance tools, firms like NSO Group will likely continue to find workarounds. This cat-and-mouse game underscores the urgent need for stronger international regulatory frameworks and unified government sanctions to curb the proliferation of unregulated cyber-weapons.

Frequently Asked Questions

Q: What is Pegasus spyware?
A: Pegasus is a highly sophisticated spyware developed by the Israeli firm NSO Group. It can be covertly installed on mobile phones, allowing operators to access messages, photos, location data, and even activate the device's camera and microphone without the user's knowledge.

Q: Why is WhatsApp taking NSO Group back to court?
A: WhatsApp is seeking a contempt of court order because NSO Group allegedly violated a previous permanent injunction that legally barred the spyware maker from targeting WhatsApp's platform and its users.

Q: How has the U.S. government responded to NSO Group's activities?
A: The U.S. government has placed NSO Group on a Commerce Department blacklist, restricting American companies from exporting technology to the firm, and has imposed sanctions on other spyware entities to curb the spread of commercial surveillance tools.