WhatsApp and parent company Meta won a major legal victory against NSO Group over the use of Pegasus spyware to hack roughly 1,400 users through a WhatsApp audio-calling vulnerability. The case, filed in 2019, survived NSO’s attempts to dismiss it, including arguments that it should share sovereign immunity with its government customers, and the U.S. Supreme Court later allowed the suit to proceed. A court subsequently found NSO liable for violating the Computer Fraud and Abuse Act, California anti-hacking law, and WhatsApp’s terms of service, and a jury later awarded WhatsApp more than $167 million in damages.
Court proceedings and later reporting exposed new details about the spyware operation and NSO’s conduct during discovery. Trial evidence described a zero-click Pegasus delivery chain using a fake WhatsApp call and infrastructure designed to infect targets using only a phone number, and testimony indicated NSO continued developing WhatsApp-based vectors after the lawsuit began under codenames including Eden, Heaven, Erised, and Hummingbird. Separate reporting alleged NSO sought Israeli government help to keep Pegasus source code and malware documents out of U.S. court, leading to a secret seizure of internal files, while disclosures in the case identified customers including Mexico, Saudi Arabia, and Uzbekistan and reinforced longstanding allegations that Pegasus had been used against journalists, activists, and other civil society targets.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
11 events from the most recent confirmed update back to the earliest known activity.
Evidence aired during the 2025 trial described the WhatsApp exploit chain in detail, said NSO kept using WhatsApp vectors after the lawsuit under the Hummingbird platform, and identified customers including Mexico, Saudi Arabia, and Uzbekistan. The proceedings also disclosed that NSO had cut off 10 government customers for abuse and exposed financial strain inside the company.
On May 6, 2025, a jury ordered NSO Group to pay more than $167 million to WhatsApp, concluding the damages phase of the long-running Pegasus spyware case. Meta described the verdict as a major win against commercial spyware abuse.
In 2019, NSO Group used a WhatsApp audio-calling vulnerability to deliver Pegasus spyware in a zero-click attack against more than 1,400 users, according to WhatsApp's later lawsuit and trial evidence.
A U.S. court ruled NSO Group liable for violating anti-hacking and related laws in WhatsApp's lawsuit over Pegasus attacks on about 1,400 users. The case then moved forward solely on the question of damages.
Reporting based on leaked Israeli justice ministry materials alleged that Israeli authorities helped prevent Pegasus malware documents from reaching WhatsApp in U.S. court discovery. The revelations added a state-interference dimension to the litigation.
The U.S. Supreme Court declined to block the case, allowing WhatsApp to continue pursuing its spyware lawsuit against NSO Group. The decision left lower-court rulings against NSO's immunity arguments in place.
In 2020, Israeli officials obtained a secret Tel Aviv court order, raided NSO's offices, and seized internal files and source-code-related materials. Later reporting said the move was intended to keep sensitive Pegasus documents from being produced in the U.S. WhatsApp case.
WhatsApp publicly argued that NSO itself, not only its government customers, was deeply involved in the hacking of its users. The statement sharpened the dispute over NSO's responsibility for Pegasus operations.
After the lawsuit was filed, NSO tried to defeat the case by arguing it acted on behalf of foreign government clients and should not be held liable. Those efforts to dismiss the suit ultimately failed.
WhatsApp filed suit against NSO Group in 2019, alleging the company used WhatsApp infrastructure unlawfully to infect users with Pegasus spyware. The case centered on attacks against journalists, activists, and other targets.
On 2018-11-28, Amnesty International said a staff member had been targeted in June with a malicious WhatsApp message that its investigation linked to NSO Group's Pegasus spyware. Amnesty also said it was considering legal action to revoke NSO Group's Israeli export licence after the Ministry of Defence refused its request.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
10 references tracked. Mallory keeps watching after this page renders.
theguardian.com
Open sourcelawfaremedia.org
Open sourcetechcrunch.com
Open sourceabout.fb.com
Open sourcetechdirt.com
Open sourcetheguardian.com
Open sourcetheguardian.com
Open sourceamnesty.org
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.