WhatsApp says NSO violated injunction

What's happened

WhatsApp has said it disrupted spear-phishing attempts tied to NSO Group and has asked a US court to hold the spyware firm in contempt for violating a permanent injunction. The attacks targeted fewer than 10 users, mainly in Jordan and Lebanon, and WhatsApp found no evidence the devices were compromised.

What's behind the headline?

What this means now

• Meta has already caught and disrupted targeted phishing links that it says are linked to NSO, and it is asking a federal court to hold NSO in contempt. That will force the legal fight back into court and keep pressure on US sanctions and export controls.

Who benefits and who loses

• WhatsApp and civil-rights groups will benefit because public court filings will document alleged continued abuse and strengthen calls for strict controls on commercial spyware.
• NSO will face fresh legal and reputational costs as it tries to overturn the injunction and lobby to re-enter the US market.

Likely next steps

• The court will consider WhatsApp's contempt filing and related evidence; this will increase the chance that judges will impose additional penalties or tighter restrictions.
• Regulators and other platforms will use WhatsApp's released indicators to scan for similar campaigns, which will raise the cost for NSO-style operations and make detection easier.

Broader consequence

• This will slow NSO's push into the US market and will increase scrutiny of any attempt to rebrand or relist the firm. Governments that buy commercial spyware will face higher transactional risk and increased diplomatic exposure.

How we got here

WhatsApp sued NSO after a 2019 campaign that used Pegasus to infect about 1,400 devices. A US court has issued a permanent injunction barring NSO from targeting WhatsApp; a jury award was reduced from $167m to $4m. The US government has placed NSO on an Entity List.

Our analysis

Meta and WhatsApp have framed the event as a clear breach. In a blog post quoted across outlets, Meta said WhatsApp "caught and disrupted spear phishing attempts linked to NSO" (Meta/WhatsApp, reported by Ars Technica and TechCrunch). WhatsApp told Axios the campaign targeted fewer than 10 people, mainly in Jordan and Lebanon, and that it had "found no evidence the targets' devices were compromised" (Axios). The Guardian and the New York Times emphasised the legal backdrop: last year's court ruling granted a permanent injunction against NSO and originally awarded $167m in damages that a judge later reduced to $4m; Meta is now asking the court to hold NSO in contempt (The Guardian; New York Times). Security researchers quoted by The Guardian, including Citizen Lab's John Scott Railton, described the move as "an astonishing signal of hubris" and questioned whether NSO believed it could avoid detection. Multiple sources note NSO's placement on the US Entity List and its recent ownership change and lobbying efforts as relevant context (Ars Technica; TechCrunch; Al Jazeera). Together the reports show agreement on the core facts — WhatsApp disrupted phishing linked to NSO and has filed for contempt — while emphasising different angles: technical detection (TechCrunch, Ars Technica), legal strategy (The Guardian, New York Times), and geopolitical and regulatory implications (Al Jazeera, Axios).

Go deeper

• What evidence will WhatsApp present to the court to prove NSO's involvement?
• Will US regulators tighten restrictions on commercial spyware after this filing?
• Could other messaging platforms find similar NSO-linked campaigns using WhatsApp's indicators?

More on these topics

• NSO Group - Surveillance company

  NSO Group Technologies is an Israeli technology firm whose spyware called Pegasus enables the remote surveillance of smartphones. It was founded in 2010 by Niv Carmi, Omri Lavie, and Shalev Hulio. It employed almost 500 people as of 2017, and is based in

• Pegasus - Software

  Pegasus is a spyware developed by the Israeli cyberarms firm NSO Group that can be covertly installed on mobile phones running most versions of iOS and Android.

• Meta - Social media company

  Facebook, Inc. is an American social media conglomerate corporation based in Menlo Park, California. It was founded by Mark Zuckerberg, along with his fellow roommates and students at Harvard College, who were Eduardo Saverin, Andrew McCollum, Dustin Mosk

• Jordan - Country in the Middle East

  Jordan, officially the Hashemite Kingdom of Jordan, is an Arab country in Western Asia, on the East Bank of the Jordan River. Jordan is bordered by Saudi Arabia to the south and the east, Iraq to the north-east, Syria to the north and Israel and Palestine

• Lebanon - Country in the Middle East

  Lebanon, officially known as the Lebanese Republic, is a country in Western Asia. It is bordered by Syria to the north and east and Israel to the south, while Cyprus lies west across the Mediterranean Sea.

• United States - Country in North America

  The United States of America, commonly known as the United States or America, is a country mostly located in central North America, between Canada and Mexico.