Home > Security > Security News

WhatsApp Disrupts New NSO Group Spyware Campaign, Files Contempt Order

Published
Written by:
Lore Apostol
Lore Apostol
Cybersecurity Writer
Whatsapp Privacy Issue
Summarize with:
ChatGPT logo ChatGPT Claude.ai logo Claude.ai Google AI logo Google AI Grok logo Grok Perplexity logo Perplexity
Google logo Add as preferred source on Google
Key Takeaways
  • New Campaign Disrupted: WhatsApp said it caught and stopped spear phishing attempts linked to NSO Group after an investigation prompted by user reports.
  • Court Order Violation: WhatsApp filed a contempt order against NSO, accusing it of breaching an injunction barring it from targeting WhatsApp users.
  • Damages History: A jury previously ordered NSO to pay $167 million in damages, later lowered to $4 million.

WhatsApp said it disrupted a new hacking campaign linked to NSO Group, accusing the surveillance software maker of violating an earlier court order that bars it from targeting WhatsApp and its users with Pegasus spyware. The Meta-owned platform said it caught and disrupted spear phishing attempts linked to NSO after an investigation prompted by user reports.

How the Attack Worked

Attackers tried to trick people into clicking malicious links designed to drive them to external websites outside of the messaging service, a Monday Meta report said. The company also caught the operators creating test accounts and groups on WhatsApp, which it took down. 

The report mentions the following threat domains:

The platform said the attempts were similar to previous "1-click phishing campaigns." Meta stated that it was backed in May by 12 prominent civil rights organizations, a coalition of security researchers, privacy advocates, and digital rights experts.

Last year, as part of a years-long lawsuit, a court ordered NSO Group to stop targeting WhatsApp and its users. WhatsApp claimed the new campaign violated that injunction and filed a contempt order against NSO. 

The injunction stems from a 2019 mass-hacking campaign by NSO that targeted more than 1,400 WhatsApp users. After discovering it, WhatsApp notified victims and sued NSO. A jury later ordered NSO to pay $167 million in damages, which was later reduced to $4 million.

The U.S. government has also put pressure on NSO by placing it on a blocklist, and it has imposed sanctions on other spyware makers, such as Intellexa and its founder.

In April, fake Android apps distributing spyware were linked to Italian surveillance vendor IPS.

Add a Comment
Related
Hacktivist Groups 4BID, Hakerskii Kit, and C.A.S. Broaden Attack Geography, Report Says
Hacker - Spy - Laptop - Data
New PyPI Wave in Mini Shai-Hulud, Miasma, and Hades Campaign: 23 New Malicious PyPI Artifacts
Over 20,000 Instagram Accounts Hijacked via the Meta AI Support Tool Exploit
Automatic Content Recognition technology in Smart TVs
Free Smart TV Apps Embed Bright Data SDK to Build an AI Web-Scraping Proxy Network
Cyber Job Moves: New Executive Hires Signal Growth in Cloud, Identity, and AI Security | Week of June 7-13
UNC3753 Targeted US Law Firms in Vishing Extortion Campaign, Possibly Used Physical Access
Most Popular
Hacktivist Groups 4BID, Hakerskii Kit, and C.A.S. Broaden Attack Geography, Report Says
Hacker - Spy - Laptop - Data
New PyPI Wave in Mini Shai-Hulud, Miasma, and Hades Campaign: 23 New Malicious PyPI Artifacts
Vulnerabilities Can Be Found in Minutes While Safe Remediation Requires More Than Speed
Fraud Operations Rebuild Faster Than Accounts Disappear While Their Behavior Remains Consistent
Over 20,000 Instagram Accounts Hijacked via the Meta AI Support Tool Exploit
Automatic Content Recognition technology in Smart TVs
Free Smart TV Apps Embed Bright Data SDK to Build an AI Web-Scraping Proxy Network
Hacktivist Groups 4BID, Hakerskii Kit, and C.A.S. Broaden Attack Geography, Report Says
New PyPI Wave in Mini Shai-Hulud, Miasma, and Hades Campaign: 23 New Malicious PyPI Artifacts
Vulnerabilities Can Be Found in Minutes While Safe Remediation Requires More Than Speed
Fraud Operations Rebuild Faster Than Accounts Disappear While Their Behavior Remains Consistent
Over 20,000 Instagram Accounts Hijacked via the Meta AI Support Tool Exploit
Free Smart TV Apps Embed Bright Data SDK to Build an AI Web-Scraping Proxy Network

Most Popular
Hacktivist Groups 4BID, Hakerskii Kit, and C.A.S. Broaden Attack Geography, Report Says
Hacker - Spy - Laptop - Data
New PyPI Wave in Mini Shai-Hulud, Miasma, and Hades Campaign: 23 New Malicious PyPI Artifacts
Vulnerabilities Can Be Found in Minutes While Safe Remediation Requires More Than Speed
Fraud Operations Rebuild Faster Than Accounts Disappear While Their Behavior Remains Consistent
Over 20,000 Instagram Accounts Hijacked via the Meta AI Support Tool Exploit
Automatic Content Recognition technology in Smart TVs
Free Smart TV Apps Embed Bright Data SDK to Build an AI Web-Scraping Proxy Network
Hacktivist Groups 4BID, Hakerskii Kit, and C.A.S. Broaden Attack Geography, Report Says
New PyPI Wave in Mini Shai-Hulud, Miasma, and Hades Campaign: 23 New Malicious PyPI Artifacts
Vulnerabilities Can Be Found in Minutes While Safe Remediation Requires More Than Speed
Fraud Operations Rebuild Faster Than Accounts Disappear While Their Behavior Remains Consistent
Over 20,000 Instagram Accounts Hijacked via the Meta AI Support Tool Exploit
Free Smart TV Apps Embed Bright Data SDK to Build an AI Web-Scraping Proxy Network

TechNadu keeps you informed with the latest in cybersecurity, VPNs, and technology. From expert guides to in-depth reviews, we provide the knowledge you need to stay secure and connected in the digital world.

© 2026 TechNadu. All Rights Reserved. TechNadu is a part of Leaprove Media LLP.

Close lightbox
Facebook
Twitter
Linkedin
Reddit
Email
Copy Link
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: