Meta announced on Monday that it detected and disrupted a spearphishing campaign linked to spyware developer NSO Group, despite a prior court injunction. This development has led the technology giant to file a contempt-of-court complaint against the Israeli firm.
The company had previously secured a significant civil victory against NSO Group last year. This ruling not only barred NSO Group from targeting WhatsApp users but also awarded Meta $168 million in damages, although NSO Group has been appealing this decision. Meta alleges that NSO Group, the maker of the controversial Pegasus spyware, is not adhering to the permanent injunction.
Meta Detects NSO Group Activity Despite Court Order
According to a blog post from Meta, the company successfully thwarted social engineering attempts connected to NSO Group after investigating user reports. These attempts involved trying to trick individuals into clicking malicious links, which would then direct them to external websites outside of WhatsApp. This method is consistent with previously reported one-click phishing campaigns associated with NSO Group.
Additionally, Meta stated that they identified NSO Group creating test accounts and groups on WhatsApp, all of which were subsequently removed. This indicates a continued effort by the spyware maker to operate within Meta’s platforms.
Implications for Spyware Regulation and Sanctions
The campaign described by Meta bears similarities to spyware infections that reportedly affected journalists and activists in Jordan between 2019 and 2023. NSO Group did not respond to requests for comment regarding Meta’s accusations.
Security experts view NSO Group’s alleged actions as further justification for maintaining the company’s placement on the U.S. Treasury Department’s sanctions “entity” list. NSO Group has been seeking removal from this list since its designation in 2021. John Scott-Railton, a senior researcher at the University of Toronto’s Citizen Lab, commented on social media that NSO’s activities provide the strongest argument for their continued inclusion on the entity list.
Meta echoed this sentiment, stating that a company on the U.S. government’s entity list should not be allowed to defy U.S. courts. The tech giant argued that easing existing restrictions would jeopardize U.S. national security and put American companies and billions of users who rely on secure communications at risk.
Meanwhile, lawmakers have been seeking information about the U.S. government’s potential use of NSO Group technology and other forms of spyware. This scrutiny persists despite the existing blacklist, reportedly due to perceived close ties between NSO Group’s new executive chairman and former President Donald Trump.
The next step in this situation will likely involve the court’s response to Meta’s contempt-of-court complaint. The outcome could influence NSO Group’s ongoing appeal of the previous ruling and potentially impact future decisions regarding its status on U.S. sanctions lists. It remains uncertain how these legal and regulatory developments will affect the broader landscape of spyware regulation.