• Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
MUST READ

Cisco fixed maximum-severity security flaw in Secure Firewall Management Center

 | 

'Blue Locker' Ransomware Targeting Oil & Gas Sector in Pakistan

 | 

Hackers exploit Microsoft flaw to breach Canada ’s House of Commons

 | 

Norway confirms dam intrusion by Pro-Russian hackers

 | 

Zoom patches critical Windows flaw allowing privilege escalation

 | 

Manpower data breach impacted 144,180 individuals

 | 

U.S. CISA adds Microsoft Internet Explorer, Microsoft Office Excel, and WinRAR flaws to its Known Exploited Vulnerabilities catalog

 | 

Critical FortiSIEM flaw under active exploitation, Fortinet warns

 | 

Charon Ransomware targets Middle East with APT attack methods

 | 

Hackers leak 2.8M sensitive records from Allianz Life in Salesforce data breach

 | 

SAP fixed 26 flaws in August 2025 Update, including 4 Critical

 | 

August 2025 Patch Tuesday fixes a Windows Kerberos Zero-Day

 | 

Dutch NCSC: Citrix NetScaler zero-day breaches critical orgs

 | 

Chrome sandbox escape nets security researcher $250,000 reward

 | 

Smart Buses flaws expose vehicles to tracking, control, and spying

 | 

MedusaLocker ransomware group is looking for pentesters

 | 

Google confirms Salesforce CRM breach, faces extortion threat

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 57

 | 

Security Affairs newsletter Round 536 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Embargo Ransomware nets $34.2M in crypto since April 2024

 | 
  • Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
  • Home
  • Breaking News
  • Hacking
  • Laws and regulations
  • U.S. Court rules against NSO Group in WhatsApp spyware Lawsuit

U.S. Court rules against NSO Group in WhatsApp spyware Lawsuit

Pierluigi Paganini December 23, 2024

A U.S. court ruled in favor of WhatsApp against NSO Group, holding the spyware vendor liable for exploiting a flaw to deliver Pegasus spyware.

WhatsApp won a legal case against NSO Group in a U.S. court over exploiting a vulnerability to deliver Pegasus spyware. Will Cathcart of WhatsApp called the ruling a major privacy victory, emphasizing accountability for spyware firms after a five-year legal battle.

Court documents state that on October 29, 2019, plaintiffs filed this lawsuit, alleging that the defendants used WhatsApp to target approximately 1,400 mobile phones and devices to infect them with the surveillance software.

“defendants’ relevant software products, collectively referred to as “Pegasus,” allow defendants’ clients to use a modified version of the Whatsapp application – referred to as the “Whatsapp Installation Server,” or “WIS. The WIS, among other things, allows defendants’ clients to send “cipher” files with “installation vectors” that ultimately allow the clients to surveil target users.” reads the court document. published “As mentioned above, plaintiffs allege that defendants’ conduct was a violation of the CFAA, the CDAFA, and a breach of contract.”

The U.S. court ruled that NSO Group repeatedly failed to produce key evidence, including Pegasus source code, and imposed sanctions, reserving harsher penalties for later.

WhatsApp stated NSO only provided AWS server code, not the full codebase. Judge Hamilton criticized NSO’s non-compliance, citing concerns about transparency.

The court found NSO Group liable for breaching WhatsApp’s terms of service by using the platform for malicious purposes. WhatsApp hailed the decision as a victory for privacy.

This ruling is a huge win for privacy.

We spent five years presenting our case because we firmly believe that spyware companies could not hide behind immunity or avoid accountability for their unlawful actions.

Surveillance companies should be on notice that illegal spying will…

— Will Cathcart (@wcathcart) December 21, 2024

The surveillance firm exploited a zero-day vulnerability, tracked as CVE-2019-3568 (CVSS score of 9.8), in the voice calling feature of the popular instant messaging app.

NSO Group continued using WhatsApp exploits, including spyware called “Erised,” even after being sued for violating anti-hacking laws. The experts detected three exploits, called “Heaven,” “Eden,” and “Erised”, that were employed in over 1,400 attacks attributed to NSO Group.

“Even after WhatsApp detected and blocked the exploit described in the Complaint in May 2019, NSO admits that it developed yet another installation vector (known as Erised) that also used WhatsApp servers to install Pegasus.2 NSO continued to use and make Erised available to customers even after this litigation had been filed, until changes to WhatsApp blocked its access sometime after May 2020. NSO’s witnesses have refused to answer whether it developed further WhatsApp-based Malware Vectors thereafter.” continues the court filing. “All of these facts are undisputed, drawn principally from the corporate representative testimony of NSO’s own witnesses, which is binding on Defendants.”

In May 2019, Facebook patched a critical zero-day vulnerability in WhatsApp, tracked as CVE-2019-3568, that has been exploited to remotely install spyware on phones by calling the targeted device.

At the time, The Financial Times reported that the WhatsApp zero-day was exploited by threat actors to deliver the spyware developed by surveillance firm NSO Group.

The surveillance software developed by NSO Group was used by government organizations worldwide to spy on human rights groups, activists, journalists, lawyers, and dissidents. Security experts have detected and analyzed some of the tools in its arsenal, such as the popular Pegasus spyware (for iOS) and Chrysaor (for Android). 

In March 2024, Meta won the litigation against the Israeli spyware vendor, a U.S. Judge ordered the surveillance firm to hand over the source code for its Pegasus spyware and other products to the social network giant.

NSO Group has been requested to provide details regarding the complete functionality of the pertinent spyware, covering the period one year before the alleged attack through one year after the alleged attack (i.e., from April 29, 2018, to May 10, 2020).

Court documents filed in November revealed that NSO Group had minimal control over customers’ use of its spyware, contradicting prior claims by the Israeli firm.

Contrary to NSO’s claims, the filing suggests the spyware vendor operated its Pegasus system, with customers only needing to provide a target number. NSO disputes these allegations, asserting its clients solely operate the system.

“[NSO Group] stands behind its previous statements in which we repeatedly detailed that the system is operated solely by our clients and that neither NSO nor its employees have access to the intelligence gathered by the system.” said Gil Lanier, vice president of global communications for the Israeli firm.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, NSO Group)


facebook linkedin twitter

Hacking hacking news information security news IT Information Security malware NSO Group Pegasus Spyware Pierluigi Paganini Security Affairs Security News spyware WhatsApp

you might also like

Pierluigi Paganini August 15, 2025
Cisco fixed maximum-severity security flaw in Secure Firewall Management Center
Read more
Pierluigi Paganini August 15, 2025
'Blue Locker' Ransomware Targeting Oil & Gas Sector in Pakistan
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

    recent articles

    Cisco fixed maximum-severity security flaw in Secure Firewall Management Center

    Security / August 15, 2025

    'Blue Locker' Ransomware Targeting Oil & Gas Sector in Pakistan

    Malware / August 15, 2025

    Hackers exploit Microsoft flaw to breach Canada ’s House of Commons

    Hacking / August 15, 2025

    Norway confirms dam intrusion by Pro-Russian hackers

    Hacktivism / August 14, 2025

    Zoom patches critical Windows flaw allowing privilege escalation

    Security / August 14, 2025

    To contact me write an email to:

    Pierluigi Paganini :
    pierluigi.paganini@securityaffairs.co

    LEARN MORE

    QUICK LINKS

    • Home
    • Cyber Crime
    • Cyber warfare
    • APT
    • Data Breach
    • Deep Web
    • Digital ID
    • Hacking
    • Hacktivism
    • Intelligence
    • Internet of Things
    • Laws and regulations
    • Malware
    • Mobile
    • Reports
    • Security
    • Social Networks
    • Terrorism
    • ICS-SCADA
    • POLICIES
    • Contact me

    Copyright@securityaffairs 2024

    We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
    Cookie SettingsAccept All
    Manage consent

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities...
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
    Non-necessary
    Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
    SAVE & ACCEPT