Key Takeaway:
- Meta seeks court action after detecting new NSO Group phishing attacks.
- WhatsApp users in Jordan and Lebanon were targeted by malicious links.
- The legal dispute highlights ongoing risks regarding commercial spyware firm activities.
Meta is asking a federal court to hold Israeli spyware vendor NSO Group in contempt, alleging the firm violated a permanent injunction by launching new spear-phishing attacks against WhatsApp users.
Legal Battle Over Surveillance
Meta announced Monday that it detected and disrupted NSO Group phishing attacks that targeted fewer than 10 WhatsApp users, primarily located in Jordan and Lebanon. The company identified the activity after several targets reported receiving suspicious messages containing malicious links.
The messaging platform alleges these attempts mirror previous campaigns tied to NSO Group’s technology. Beyond the links, WhatsApp reported that the attackers created unauthorized test accounts and groups on the service. Meta has since disabled those accounts to prevent further exploitation.
This development follows a years-long legal struggle between the two companies. In October 2025, a federal judge granted a permanent injunction barring NSO Group from accessing or targeting WhatsApp. That ruling came after a federal jury found the spyware maker liable for hacking 1,400 accounts belonging to journalists, activists, and government officials.
Continued Risks To Digital Security
The recent incident involving NSO Group phishing attacks has renewed concerns regarding the commercial spyware industry’s adherence to international law. Meta emphasized that allowing the behavior to continue unchecked poses a significant threat to global communications.
“When a malicious company on the U.S. government’s entity list continues to defy U.S. courts, existing restrictions must remain firmly in place,” Meta said in a blog post. The company warned that any easing of current oversight would undermine national security and place millions of users at risk.
Privacy advocates support the move, noting that the latest NSO Group phishing attacks prove the firm’s continued disregard for judicial mandates. John Scott-Railton, a senior researcher at Citizen Lab, a University of Toronto unit that monitors surveillance, said the firm is effectively proving it should remain sanctioned.
“NSO Group is doing an amazing job making the argument that they should stay sanctioned and face more consequences,” Scott-Railton said. The researcher’s organization has previously assisted Meta in investigating how NSO’s flagship Pegasus spyware was deployed against the platform’s users.
NSO Group Faces Persistent Scrutiny
NSO Group has historically defended its business model by claiming it only provides technology to authorized government agencies for the purpose of combating crime and terrorism. The company did not respond to requests for comment regarding the latest contempt filing related to the alleged NSO Group phishing attacks.
The firm’s legal team has previously sought to overturn the injunction, arguing that the court’s restrictions would cause the company irreparable business harm. Despite those efforts, the legal environment remains hostile for the vendor, with courts consistently finding that its conduct violates cybersecurity and anti-hacking statutes.
As Meta pushes for a contempt ruling, the company is also contributing to the Spyware Accountability Initiative, a fund designed to challenge the abuse of surveillance technology. Meta has shared specific indicators of compromise to assist users in detecting potential targeting linked to NSO Group phishing attacks, while reiterating that WhatsApp’s end-to-end encryption remains a critical safeguard for its two billion global users.
Visit more of our news! CyberPro Magazine
