Meta has shared that it has been subject to another attack by the spyware group NSO, and this alleged attack violates the permanent injunction that was imposed against them by a US District Court.
The allegations come after Meta discovered another attack against WhatsApp that is allegedly linked to the spyware creators.
Meta Claims NSO Violated Permanent Injunction
Meta announced in a blog post that they filed a contempt order against NSO, citing violations of the permanent injunction that bars the spyware maker from hacking its users. The injunction was granted last year by a federal judge, alongside a ruling that also significantly reduced the punitive damages NSO owed from an initial $167 million down to $4 million.
In the 25-page ruling, the judge found that the court did not have sufficient evidence to determine that NSO's behavior was particularly egregious, which led to the reduction in damages.
Despite that reduction, the permanent injunction remained firmly in place against NSO, but the group had previously said that an injunction of this kind could effectively put the company out of business.
Meta said last month its efforts were joined by 12 prominent civil rights organizations, a coalition of security researchers, privacy advocates, and digital rights experts who filed amicus briefs to fight NSO's appeal against the permanent injunction.
NSO Allegedly Attacked WhatsApp Recently
The recent attacks involved social engineering attempts that tried to trick WhatsApp users into clicking on malicious links that would redirect them to external websites outside of the platform, similar to previously reported one-click phishing campaigns linked to NSO. Meta also caught NSO creating test accounts and groups on WhatsApp and took them all down.
Meta shared threat indicators publicly so that anyone can check whether they were targeted by NSO-linked attempts across any platform, whether through text message, email, or WhatsApp.
Since 2019, the case has shown that NSO continues to build spyware tools to target people's devices. NSO's own CEO confirmed in court that the company looks for ways to access phones beyond WhatsApp, targeting browsers, operating systems, and other applications.
Meta vs. NSO Spyware Group
The legal conflict between Meta and NSO has been unfolding for several years as WhatsApp first sued NSO after alleging that Pegasus was used to infect roughly 1,400 phones through a vulnerability in the platform.
In December 2024, a US judge found NSO liable for hacking and breach-related violations, and last year, a jury ordered NSO to pay close to $167 million in damages alongside the injunction.
NSO has been actively working to overturn the permanent injunction as recently, the company appealed to the Ninth Circuit that the injunction would cause it irreparable harm, a claim that drew a coalition of civil society organizations to file amicus briefs in support of keeping the order in place.
Meta framed the contempt filing as a national security matter, and the company noted that "When a malicious company on the US government's Entity List continues to defy US courts, existing restrictions must remain firmly in place."
The Mark Zuckerberg-owned company also said that easing them would undermine national security and put billions of people worldwide who rely on secure communications at risk.
