Back

WhatsApp Files Contempt Against NSO Group for New Phishing Attacks

Severity: High (Score: 76.5)

Sources: Cybernews, www.reuters.com, Techbuzz.Ai, About.Fb, Thenews.Pk

Published: 2026-06-08 · Updated: 2026-06-08

Keywords: spyware, whatsapp, firm, meta, group, israeli, court

Severity indicators: spyware

Summary

WhatsApp has filed a federal court contempt order against NSO Group for allegedly violating a permanent injunction that barred the spyware firm from targeting its users. The company reported disrupting new spear phishing attempts linked to NSO, which involved social engineering tactics designed to trick users into clicking malicious links. These phishing attempts are similar to previous '1-click' campaigns associated with NSO's Pegasus spyware. WhatsApp also discovered NSO creating test accounts and groups on its platform, which were subsequently dismantled. The court had previously found NSO liable for hacking WhatsApp users and issued a significant reduction in punitive damages from $168 million to $4 million. WhatsApp has released threat indicators to help users identify potential NSO-linked attacks. The ongoing legal battle highlights the persistent threat posed by commercial spyware firms. Key Points: • WhatsApp has filed a contempt order against NSO Group for violating a court injunction. • The spyware firm allegedly conducted new spear phishing attacks targeting WhatsApp users. • WhatsApp has released threat indicators to help users identify NSO-linked phishing attempts.

Detailed Analysis

**Impact** WhatsApp users worldwide are targeted by NSO Group’s renewed phishing campaigns despite a 2025 permanent injunction barring such activity. Reported targets include journalists, human rights defenders, government officials, military personnel, and humanitarian organizations. The ongoing attacks threaten the security of billions relying on encrypted communications and pose national security risks, particularly in the US and allied countries. Legal and operational consequences include Meta’s federal contempt filing and a coalition of civil rights organizations supporting enforcement against NSO’s appeal. **Technical Details** The attacks involve NSO-linked social engineering spear phishing campaigns using “1-click” phishing techniques to lure victims into clicking malicious links redirecting to external websites outside WhatsApp’s encrypted environment. NSO also created test accounts and groups on WhatsApp to develop new attack vectors. Malicious domains identified include ikhwancast[.]com, ghazacast[.]com, and fr24cast[.]com. The spyware firm’s CEO admitted targeting multiple vectors beyond WhatsApp, including browsers and operating systems. No specific CVEs or malware variants beyond Pegasus were detailed. **Recommended Response** Defenders should block the disclosed malicious domains and monitor for phishing attempts involving similar 1-click tactics across messaging platforms, email, and SMS. Users should enable strict account security settings and keep applications and devices updated. Organizations should report suspicious activity to WhatsApp and related platforms for rapid investigation. No specific patches were mentioned; monitoring for social engineering and unauthorized account creation remains critical.

Source articles (11)

  • Fighting Spyware: An Update From WhatsApp — About.Fb · 2026-06-08
    Last year, WhatsApp made history by securing a landmark verdict and permanent injunction barring NSO Group — a spyware firm blacklisted for actions contrary to US national security — from targeting Wh…
  • Meta takes legal action against Israeli spyware firm NSO — Channelnewsasia · 2026-06-08
    June 8 : Meta said on Monday it is filing a federal court contempt order against Israeli spyware firm NSO Group for violating a permanent injunction that barred it from ever targeting WhatsApp and its…
  • WhatsApp Asks Court to Hold NSO Group in Contempt After New Attacks — Techbuzz.Ai · 2026-06-08
    WhatsApp is asking a federal court to hold NSO Group in contempt after catching the blacklisted spyware firm allegedly violating last year's permanent injunction. The Meta -owned messaging platform di…
  • Meta sues Israeli spyware firm NSO over WhatsApp attacks — Cybernews · 2026-06-08
    Meta said on Monday it is filing a federal court contempt order against Israeli spyware firm NSO Group for violating a permanent injunction that barred it from ever targeting WhatsApp and its users. T…
  • Meta launches legal battle against NSO as US warns of Israeli spyware threat — Thenews.Pk · 2026-06-08
    Meta is set to take legal action against Israeli spyware firm NSO Group by filing a federal court contempt order. According to the US-based tech giant, the legal battle stems from the spyware firm’s a…
  • Between A Hack And A Hard Place How Pegasus Spyware Crushes Civic Space In Jordan — www.accessnow.org · 2026-06-08
    This website uses strictly necessary cookies for functionality, and asks if you’d like to opt-in to anonymous analytics collection. The anonymous analytic cookies are stored in your browser and perfor…
  • NSO Group back in Meta's crosshairs after alleged WhatsApp targeting — Theregister · 2026-06-08
    Zuckercorp says surveillance-for-hire vendor was still running phishing operations after federal court told it to knock it off Meta has asked a federal judge to hold Israeli spyware maker NSO Group in…
  • Meta takes legal action against Israeli spyware firm NSO — Straitstimes · 2026-06-08
    Meta said its WhatsApp messaging service disrupted new spear phishing attempts linked to NSO, an entity blacklisted by the US government. Meta said on June 8 it is filing a federal court contempt orde…
  • WhatsApp Says Spyware Maker NSO Group Is Still Targeting Its Users — Engadget · 2026-06-08
    Meta is once again asking a court to intervene in its long-running battle against spyware maker NSO Group. The company says it's disrupted a spearfishing attempt that targeted WhatsApp users and is no…
  • Apple Software Update Spyware Nso Group — www.nytimes.com · 2026-06-08
  • Us Court Orders Spyware Company Nso Stop Targeting Whatsapp Reduces Damages 2025 10 18 — www.reuters.com · 2026-06-08

Timeline

  • 2025-01-05 — US court issues permanent injunction against NSO: A federal court barred NSO Group from targeting WhatsApp and its users due to hacking violations.
  • 2025-05-01 — Damages reduced from $168 million to $4 million: A judge significantly reduced the punitive damages NSO owed Meta after finding insufficient evidence for the higher amount.
  • 2026-06-08 — WhatsApp disrupts NSO-linked phishing attempts: WhatsApp reported disrupting new phishing campaigns linked to NSO, including the creation of test accounts.
  • 2026-06-08 — WhatsApp files contempt order against NSO: WhatsApp has formally requested the court to hold NSO in contempt for its continued targeting of users despite the injunction.

Related entities

  • Malware (Attack Type)
  • Phishing (Attack Type)
  • Meta (Company)
  • NSO Group (Company)
  • Apple (Company)
  • WhatsApp (Platform)
  • Israel (Country)
  • Jordan (Country)
  • Lebanon (Country)
  • for.in (Domain)
  • fr24cast.com (Domain)
  • ghazacast.com (Domain)
  • ikhwancast.com (Domain)
  • Government (Industry)
  • Pegasus (Malware)
  • T1566.001 - Spearphishing Attachment (Mitre Attack)
  • T1566.002 - Spearphishing Link (Mitre Attack)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed