Meta Files Contempt of Court Complaint Against NSO Group for Defying Spyware Injunction
- Jun 8
- 2 min read
Key Findings
Meta detected NSO Group conducting spear phishing campaigns targeting WhatsApp users despite a permanent court injunction issued last year
The company filed a federal contempt-of-court complaint, alleging NSO violated the injunction by creating test accounts and luring users to malicious external websites
Three malicious domains have been identified: ikhwancast.com, ghazacast.com, and fr24cast.com
NSO Group remains on the U.S. Commerce Department's Entity List and owes Meta 168 million dollars in damages from the previous civil case
Security researchers argue NSO's continued violations strengthen the case for maintaining sanctions against the company
Background
Meta won a landmark civil case against NSO Group last year, securing both a permanent injunction and 168 million dollars in damages. The court found that NSO violated federal and state hacking laws through its Pegasus spyware operations targeting WhatsApp users. Despite this ruling, NSO has appealed the decision while simultaneously continuing operations. The Israeli spyware vendor has been on the U.S. government's Entity List since 2021, designated as a national security threat.
Campaign Details
Meta's security team disrupted multiple NSO-linked social engineering attempts after investigating user reports. The tactics mirrored previously documented phishing campaigns used against journalists and activists in Jordan between 2019 and 2023. Attackers attempted to manipulate targets into clicking malicious links that would redirect them to external websites outside WhatsApp's encrypted environment, bypassing the app's security protections. Meta also discovered NSO creating test accounts and groups on WhatsApp, which were subsequently removed.
Legal and Policy Implications
The contempt filing occurs amid reports that some U.S. government officials may consider easing restrictions on NSO. Meta explicitly warned against such action, arguing that relaxing sanctions would undermine national security and compromise billions of users relying on secure communications. Security researchers from institutions like the University of Toronto's Citizen Lab reinforced this position, stating that NSO's ongoing violations demonstrate why the company should remain sanctioned.
Broader Context
NSO's customer base has been documented targeting journalists, government officials, military personnel, and humanitarian workers globally. The company's CEO testified in court that NSO actively seeks attack vectors beyond WhatsApp, including browsers, operating systems, and other applications. Meta is supporting accountability efforts through contributions to the Spyware Accountability Initiative, which funds forensic research and advocacy organizations worldwide.
Sources
https://cyberscoop.com/meta-contempt-complaint-nso-group-spyware/
https://securityaffairs.com/193333/security/meta-accuses-nso-of-violating-whatsapp-court-injunction.html
https://www.threads.com/@hapsiainen78/post/DZVYwfQDWxq/meta-accuses-nso-group-of-defying-spyware-injunction-files-contempt-of-court
https://www.socdefenders.ai/item/590b14e2-12e4-4cf3-b98f-f61434401a69

Comments