Last year, WhatsApp made history by securing a landmark verdict and permanent injunction barring NSO Group — a spyware firm blacklisted for actions contrary to US national security — from targeting WhatsApp and its users ever again. The court was unequivocal: NSO violated the federal and state laws against hacking. Today, we’re asking the court to hold them in contempt of that order.
Catching and Disrupting NSO’s Targeting Attempts
After investigating user reports, we successfully disrupted NSO-linked social engineering attempts. They tried to trick people into clicking on malicious links that would take them to websites outside of WhatsApp, similar to previously reported 1-click phishing campaigns linked to NSO. We also caught them creating test accounts and groups on WhatsApp, which we took down.
We are sharing threat indicators so that anyone can check if they were targeted by NSO-linked social engineering attempts across any platform — be it text message, email, WhatsApp message, or something else.
Spyware Is a National Security Threat
Since 2019, our case has shown that NSO continues to build spyware tools to target people’s devices. Its CEO confirmed in court that the company looks for “vectors, or ways to access the phone” beyond WhatsApp, targeting browsers, operating systems, and other applications.
No technology is off-limits to surveillance-for-hire firms, whose reported targets range from journalists to government officials, military personnel, and humanitarian organizations.
When a malicious company on the US government’s Entity List continues to defy US courts, existing restrictions must remain firmly in place. Easing them would undermine US national security and put American companies and billions of people worldwide who depend on secure communications at risk.
No Company Can Fight Spyware Alone
When we originally discovered NSO’s 2019 attack, Citizen Lab helped us investigate it and notify the people who were targeted. When the case first went to trial, our industry peers and other organizations supported it, strengthening the legal record.
Last month, we were joined by 12 prominent civil rights organizations — a coalition of security researchers, privacy advocates, and digital rights experts — who filed their amicus briefs to fight NSO’s appeal against the permanent injunction.
Today, we are beginning to deliver on our promise to support digital rights organizations working to defend people against spyware attacks by making a significant contribution to the Spyware Accountability Initiative (SAI). SAI supports dozens of organizations worldwide focused on forensic research, user support, and advocacy.
For example, a Citizen Lab zero-day discovery led to an Apple security update for over a billion devices. This year, a Greek court issued the first-ever criminal conviction of spyware company executives, a case built on forensic evidence and investigative reporting by civil society.
This work is demanding, often dangerous, and consistently under-resourced compared to the spyware industry that continues to develop new exploits. We’re committed to doing our part to support this critical effort.
As always, WhatsApp users’ personal messages and calls remain protected with default end-to-end encryption. We encourage people to keep their apps and devices up to date and report suspicious activity so we can quickly investigate and take action. For those who believe they may be targeted by sophisticated cyber attacks, we strongly recommend enabling strict account settings to harden their WhatsApp accounts even more.
Threat Indicators
Malicious domains:
- hxxps://ikhwancast[.]com
- hxxps://ghazacast[.]com
- hxxps://fr24cast[.]com