Back

WhatsApp Files Contempt Against NSO Group for New Spyware Attacks

Severity: High (Score: 75.0)

Sources: www.accessnow.org, About.Fb, www.reuters.com, Thenews.Pk, Techbuzz.Ai

Published: 2026-06-08 · Updated: 2026-06-08

Keywords: spyware, whatsapp, firm, meta, group, israeli, court

Severity indicators: spyware

Summary

WhatsApp has filed a federal court contempt order against NSO Group for allegedly violating a permanent injunction that prohibits the spyware firm from targeting its users. The Meta-owned messaging platform disrupted new spear phishing attempts linked to NSO, which involved tricking users into clicking malicious links that redirected them to external websites. WhatsApp identified and dismantled test accounts created by NSO on its platform. The attacks are reminiscent of previous phishing campaigns associated with NSO's Pegasus spyware. The recent campaign reportedly targeted fewer than 10 users, primarily in Jordan and Lebanon, but no signs of compromise were detected among them. WhatsApp has publicly disclosed malicious domains related to the phishing attempts to aid users and security researchers. The ongoing legal battle follows a 2025 court ruling that found NSO liable for hacking over 1,400 WhatsApp users, resulting in a reduced damages award from $167 million to $4 million. The case highlights the persistent threat posed by commercial spyware firms. Key Points: • WhatsApp has filed a contempt order against NSO Group for violating a court injunction. • The recent phishing campaign targeted fewer than 10 users, primarily in Jordan and Lebanon. • WhatsApp has shared malicious domains linked to the attacks to assist users and researchers.

Detailed Analysis

**Impact** The recent spear phishing campaign linked to NSO Group targeted fewer than 10 WhatsApp users primarily located in Jordan and Lebanon. The victims include journalists, human rights defenders, government officials, and military personnel. The attacks risk unauthorized access to personal communications and device compromise, potentially enabling surveillance and data exfiltration. The ongoing legal battle and injunction violations also pose operational and reputational risks to NSO and highlight persistent threats to secure communications globally. **Technical Details** The attack vector involved 1-click phishing campaigns using malicious links designed to redirect targets to external websites outside WhatsApp’s encrypted environment. NSO created test accounts and groups on WhatsApp to facilitate these campaigns. The spyware involved is Pegasus, previously linked to NSO, exploiting social engineering to gain initial access. Three malicious domains identified are ikhwancast[.]com, ghazacast[.]com, and fr24cast[.]com. No specific CVEs or zero-days exploited in this campaign were disclosed. **Recommended Response** Defenders should block and monitor traffic to the disclosed domains and implement detection rules for phishing attempts involving malicious links outside trusted environments. Users should enable strict account security settings on WhatsApp and maintain up-to-date applications and device firmware. Organizations should educate users on spear phishing risks and encourage reporting suspicious activity for rapid investigation. Continuous monitoring for new NSO-linked infrastructure and social engineering tactics is advised.

Source articles (20)

  • Fighting Spyware: An Update From WhatsApp — About.Fb · 2026-06-08
    Last year, WhatsApp made history by securing a landmark verdict and permanent injunction barring NSO Group — a spyware firm blacklisted for actions contrary to US national security — from targeting Wh…
  • Meta takes legal action against Israeli spyware firm NSO — Channelnewsasia · 2026-06-08
    June 8 : Meta said on Monday it is filing a federal court contempt order against Israeli spyware firm NSO Group for violating a permanent injunction that barred it from ever targeting WhatsApp and its…
  • WhatsApp Asks Court to Hold NSO Group in Contempt After New Attacks — Techbuzz.Ai · 2026-06-08
    WhatsApp is asking a federal court to hold NSO Group in contempt after catching the blacklisted spyware firm allegedly violating last year's permanent injunction. The Meta -owned messaging platform di…
  • Meta sues Israeli spyware firm NSO over WhatsApp attacks — Cybernews · 2026-06-08
    Meta said on Monday it is filing a federal court contempt order against Israeli spyware firm NSO Group for violating a permanent injunction that barred it from ever targeting WhatsApp and its users. T…
  • Meta launches legal battle against NSO as US warns of Israeli spyware threat — Thenews.Pk · 2026-06-08
    Meta is set to take legal action against Israeli spyware firm NSO Group by filing a federal court contempt order. According to the US-based tech giant, the legal battle stems from the spyware firm’s a…
  • NSO Group back in Meta's crosshairs after alleged WhatsApp targeting — Theregister · 2026-06-08
    Zuckercorp says surveillance-for-hire vendor was still running phishing operations after federal court told it to knock it off Meta has asked a federal judge to hold Israeli spyware maker NSO Group in…
  • Meta takes legal action against Israeli spyware firm NSO — Straitstimes · 2026-06-08
    Meta said its WhatsApp messaging service disrupted new spear phishing attempts linked to NSO, an entity blacklisted by the US government. Meta said on June 8 it is filing a federal court contempt orde…
  • WhatsApp Says Spyware Maker NSO Group Is Still Targeting Its Users — Engadget · 2026-06-08
    Meta is once again asking a court to intervene in its long-running battle against spyware maker NSO Group. The company says it's disrupted a spearfishing attempt that targeted WhatsApp users and is no…
  • WhatsApp Disrupts NSO — Cybersecuritynews · 2026-06-08
    Meta’s WhatsApp has identified and disrupted a fresh wave of spear-phishing campaigns linked to NSO Group, the Israeli spyware firm blacklisted by the U.S. government, and is now asking a federal cour…
  • Meta says NSO is still trying to hack WhatsApp users. — Theverge · 2026-06-08
    Despite last year’s $167 million verdict against NSO Group for its Pegasus software hacking some 1,400 WhatsApp users, Meta says it has detected new spear phishing attacks on its platform from the spy…
  • WhatsApp says it caught new spyware attacks linked to NSO Group in violation of court order — Techcrunch · 2026-06-08
    WhatsApp said that it disrupted a new hacking campaign linked to NSO Group , a spyware maker that has been ensnared in countless cases of abuse all over the world. The messaging app maker accused NSO…
  • Between A Hack And A Hard Place How Pegasus Spyware Crushes Civic Space In Jordan — accessnow.org · 2026-06-08
    This website uses strictly necessary cookies for functionality, and asks if you’d like to opt-in to anonymous analytics collection. The anonymous analytic cookies are stored in your browser and perfor…
  • WhatsApp says spyware maker NSO Group still targeting its users — Viewsbangladesh · 2026-06-08
    Meta has escalated its long-running legal battle against Israeli cyber-intelligence firm NSO Group, requesting a federal court to hold the spyware maker in contempt for allegedly continuing to target…
  • WhatsApp sues NSO Group, accuses it of new phishing attacks — Mezha · 2026-06-08
    WhatsApp says it detected a fresh phishing campaign tied to NSO Group. The company filed a contempt motion after alleging the attacks breached a prior court injunction. As stated by Techcrunch WhatsAp…
  • Meta accuses NSO Group of defying spyware injunction, files contempt of court complaint — Cyberscoop · 2026-06-08
    Meta said Monday that it caught a spearphishing campaign linked to spyware maker NSO Group despite a court injunction, prompting the tech giant to file a contempt-of-court complaint. The company won a…
  • Between A Hack And A Hard Place How Pegasus Spyware Crushes Civic Space In Jordan — www.accessnow.org · 2026-06-08
    This website uses strictly necessary cookies for functionality, and asks if you’d like to opt-in to anonymous analytics collection. The anonymous analytic cookies are stored in your browser and perfor…
  • WhatsApp Catches Spyware Firm NSO Defying No — Rss.Slashdot · 2026-06-08
    wiredmikey shares a report from SecurityWeek: Meta-owned communications app WhatsApp says it recently detected and disrupted a spear-phishing attempt linked to spyware company NSO Group. The attack is…
  • Apple Software Update Spyware Nso Group — www.nytimes.com · 2026-06-08
  • Us Court Orders Spyware Company Nso Stop Targeting Whatsapp Reduces Damages 2025 10 18 — www.reuters.com · 2026-06-08
  • Meta Takes Legal Action Against Israeli Spyware Firm Nso Group 2026 06 08 — www.reuters.com · 2026-06-08

Timeline

  • 2019-05-01 — WhatsApp sues NSO Group: WhatsApp filed a lawsuit against NSO for exploiting vulnerabilities to target users, including journalists and activists.
  • 2025-01-05 — Court orders NSO to stop targeting WhatsApp: A U.S. court ruled that NSO Group must cease its operations against WhatsApp users, following a significant hacking incident.
  • 2025-05-01 — Damages awarded to WhatsApp: A jury awarded WhatsApp $167 million in damages against NSO, later reduced to $4 million by the judge.
  • 2026-06-08 — WhatsApp disrupts new phishing campaign: WhatsApp reported disrupting a new spear phishing campaign linked to NSO, filing a contempt order against the firm.

Related entities

  • Malware (Attack Type)
  • Phishing (Attack Type)
  • Meta (Company)
  • NSO Group (Company)
  • Apple (Company)
  • WhatsApp (Platform)
  • Israel (Country)
  • Jordan (Country)
  • Lebanon (Country)
  • for.in (Domain)
  • for.us (Domain)
  • fr24cast.com (Domain)
  • ghazacast.com (Domain)
  • ikhwancast.com (Domain)
  • Government (Industry)
  • Pegasus (Malware)
  • T1203 - Exploitation for Client Execution (Mitre Attack)
  • T1566.001 - Spearphishing Attachment (Mitre Attack)
  • T1566.002 - Spearphishing Link (Mitre Attack)
  • T1566 - Phishing (Mitre Attack)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed