WhatsApp has announced the successful disruption of a recent hacking campaign associated with the NSO Group, a notorious spyware manufacturer implicated in numerous global abuse cases. The messaging platform alleges that NSO has breached a prior court order prohibiting the targeting of WhatsApp and its users, prompting the company to seek a contempt ruling against NSO.
On Monday, the Meta-owned application revealed that it had intercepted spear phishing attempts attributed to NSO, following user reports that triggered an investigation. WhatsApp stated, "They attempted to deceive users into clicking on harmful links that redirected them to external sites." Additionally, WhatsApp discovered and dismantled test accounts and groups created by the attackers within its platform.
The recent attacks mirror a previous phishing campaign that aimed to infect users with NSO's spyware, Pegasus. This earlier campaign was notably reported in Jordan in 2024.
NSO has not yet responded to requests for comments regarding these allegations. Last year, in a protracted legal battle initiated by WhatsApp, a court mandated NSO to cease its targeting of the app and its user base. WhatsApp posits that the newly uncovered phishing attempts violate this enduring injunction, leading to the current legal actions against NSO.
This injunction was a response to a mass hacking incident in 2019 that affected over 1,400 WhatsApp users. Following this breach, WhatsApp informed the victims and subsequently filed a lawsuit against NSO. A jury initially ordered NSO to pay $167 million in damages, a figure that was later reduced to $4 million.
Over the past decade, security experts, journalists, and tech companies like WhatsApp have documented numerous instances where government-affiliated hackers utilized NSO's spyware to compromise the devices of journalists, activists, and political figures. In response, tech companies have taken various measures, including publicly exposing hacking attempts, notifying affected users, pursuing legal action against spyware developers, and implementing enhanced security features to protect users from potential threats.
Simultaneously, the U.S. government has exerted pressure on NSO by placing it on a trade blocklist and imposing sanctions on other spyware creators. Recently, a group of U.S. investors acquired NSO, aiming to rehabilitate the company's reputation and lobby for the removal of governmental sanctions.
As NSO continues its efforts to penetrate the American market, it remains to be seen how these developments will influence the future landscape of digital security and user privacy.