WhatsApp Disrupts New NSO Group Hacking Campaign, Violating Court Order

Q: How were the attackers in this campaign attempting to infect users?

The attackers tried to trick people into clicking on malicious links to drive them to external websites outside of WhatsApp.

Q: Why did WhatsApp file a lawsuit against NSO Group in 2019?

WhatsApp filed a lawsuit against NSO Group in 2019 after it came to light that a zero-day vulnerability had been exploited to deliver spyware to users.

Q: What was the outcome of WhatsApp's lawsuit against NSO Group?

In May 2025, a jury ordered NSO to pay more than $444,000 in compensatory damages and $167 million in punitive damages, which NSO appealed.

WhatsApp Disrupts New NSO Group Hacking Campaign, Violating Court Order

Meta-owned WhatsApp disrupted a new hacking campaign linked to spyware maker NSO Group, violating an earlier court order. The attackers used malicious links and test accounts.

WhatsApp has detected and disrupted a new campaign involving accounts and groups allegedly connected to NSO Group, a spyware maker that has been ensnared in countless cases of abuse worldwide. The messaging app maker accused NSO of violating an earlier court order that bars the company from targeting WhatsApp and its users with its spyware, and is seeking to hold NSO in contempt of court.

What Happened

On Monday, Meta-owned chat app WhatsApp announced that it had disrupted a new hacking campaign linked to NSO Group. The attacks were similar to another phishing campaign that relied on users clicking on malicious links, which would then lead to the targets being infected with NSO's spyware Pegasus. According to WhatsApp, the attackers tried to trick people into clicking on malicious links to drive them to external websites outside of WhatsApp.

WhatsApp also caught the attackers creating test accounts and groups on WhatsApp, which were subsequently taken down. The company stated that it had successfully disrupted NSO-linked social engineering attempts after investigating user reports. This incident demonstrates why spyware regulation and stronger device protection remain critical in the industry.

Background and Context

NSO Group is a commercial spyware vendor based in Israel, known for its advanced "Pegasus" tool that has been deployed against politicians, activists, journalists, academics, and other high-profile targets. The company has been on the U.S. sanctioned entities list since November 2021 due to supplying foreign governments with software products used against people and organizations in the U.S.

WhatsApp's original lawsuit against NSO was filed in 2019 after it came to light that a zero-day vulnerability had been exploited to deliver spyware to users. In December 2024, a judge ruled that NSO is liable, and in May 2025, a jury ordered the spyware maker to pay more than $444,000 in compensatory damages and $167 million in punitive damages, which NSO appealed.

In October 2025, a judge reduced the punitive damages to $4 million, but WhatsApp was granted a permanent injunction barring NSO from hacking its users. Despite this order, NSO has continued to target WhatsApp users on multiple occasions using zero-day vulnerabilities.

Why It Matters to the Industry

This incident highlights the ongoing threat posed by commercial spyware vendors like NSO Group. The company's activities demonstrate a clear disregard for court orders and a willingness to continue targeting high-profile individuals and organizations despite the risks of being caught.

The use of phishing-style tactics designed to trick users into clicking on malicious links is a common technique employed by spyware makers. This type of attack can be particularly effective in compromising devices, especially when combined with zero-day vulnerabilities.

What Comes Next

WhatsApp has filed a federal court contempt order against NSO for violating the permanent injunction that barred them from targeting WhatsApp and its users. The company is also making a "significant contribution" to the Spyware Accountability Initiative, a fund supporting work aimed at exposing, challenging, and stopping the abuse of spyware technology.

Key Facts

WhatsApp detected and disrupted a new campaign involving accounts and groups allegedly connected to NSO Group.
The attacks were similar to another phishing campaign that relied on users clicking on malicious links, which would then lead to the targets being infected with NSO's spyware Pegasus.
NSO has been on the U.S. sanctioned entities list since November 2021 due to supplying foreign governments with software products used against people and organizations in the U.S.
WhatsApp was granted a permanent injunction barring NSO from hacking its users in October 2025.
The company is seeking to hold NSO in contempt of court for violating the permanent injunction.
NSO has been linked to numerous cases of abuse worldwide, including targeting politicians, activists, journalists, academics, and other high-profile targets.

As the industry continues to grapple with the challenges posed by commercial spyware vendors like NSO Group, it is clear that stronger device protection and regulation are essential in preventing these types of attacks. The incident serves as a reminder of the ongoing threat posed by these companies and the need for continued vigilance and cooperation between industry stakeholders.

9,536 page views

Originally surfaced from this brief. Approximately 670 words.

Discussion 6

SatoshiSleazecrypto payments advocate5h ago

This is a prime example of why we need decentralized payment solutions that can't be shut down by corporate interests. Crypto rails are the future, and this kind of interference will only accelerate our adoption.

AffiliateAceaffiliate marketer4h ago

A hacked WhatsApp account used to send malicious links? Amateur hour for these attackers. I'd love to see more data on how many conversions were lost due to these compromised accounts - it's gotta be a huge revenue hit!

DeepfakeDoubterAI/deepfake skeptic3h ago

This story raises serious concerns about the ethics of using spyware and AI-powered attacks. Where are the safeguards for unwitting targets? We need more transparency on how these tools are being used - not less.

ComplianceCarolage-verification & compliance2h ago

This hacking campaign is a clear example of why adult industry operators need to prioritize robust age verification and compliance measures. The NSO Group's tactics are alarming, but I'm glad WhatsApp took action.

HighRiskHankhigh-risk payments consultant1h ago

NSO Group's tactics might be high-stakes, but their approach is still old-school. Why use malicious links when you can set up a full-on billing cascade? I'd love to see them innovate and bring some real sophistication to the table.

MetaverseMoVR/immersive builder1h ago

Fascinating! WhatsApp disrupting the hacking campaign shows the power of end-to-end encryption in protecting user data. Can we leverage similar tech to secure virtual reality experiences?