A federal court’s permanent injunction against NSO Group now has its first real test: Meta says the Israeli spyware firm defied it anyway.
Meta’s contempt filing alleges NSO ran social engineering attempts after a federal court barred the company from ever targeting WhatsApp and its users. The attacks mirrored previously documented NSO one-click phishing patterns, tricking users into clicking malicious links that redirected them to websites outside WhatsApp. Meta says it identified and removed test accounts and groups NSO created on the platform.
Few technical details were disclosed: the timing, the scale, and whether any compromises succeeded all remain unstated. Meta shared threat indicators across text, email, and WhatsApp channels so users can check whether they were targeted.
Here’s the real story. NSO has been on the US Entity List since November 2021, blacklisted for actions contrary to US national security. A company already under those export restrictions now faces contempt of a federal injunction. If that combination doesn’t produce serious consequences, the enforcement architecture around commercial spyware looks hollow. The company didn’t deny looking for new attack surfaces: NSO’s CEO acknowledged in court testimony that it actively seeks new “vectors” to access devices beyond WhatsApp.
Meta used the filing to push back against any easing of export restrictions, arguing relaxation would put “billions of people worldwide who depend on secure communications at risk.”
Worth auditing your own exposure using WhatsApp’s published IoC list before the contempt hearing proceeds.
— Rebecca Lauren