{
	"id": "7120715a-87a5-4ca8-ad61-45c2050490d9",
	"created_at": "2026-04-06T00:12:05.670381Z",
	"updated_at": "2026-04-10T03:23:51.317595Z",
	"deleted_at": null,
	"sha1_hash": "2dc26bb56fa13ba11149f8c2f9acbb0da6f28cbb",
	"title": "Judge rules NSO Group is liable for spyware hacks targeting 1,400 WhatsApp user devices",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 261694,
	"plain_text": "Judge rules NSO Group is liable for spyware hacks targeting 1,400\r\nWhatsApp user devices\r\nBy Suzanne Smalley\r\nPublished: 2024-12-21 · Archived: 2026-04-05 16:20:02 UTC\r\nThe developer of the powerful Pegasus spyware was found liable on Friday for its role in the infection of devices\r\nbelonging to 1,400 WhatsApp users.\r\nThe precedent-setting ruling from a Northern California federal judge could lead to massive damages against NSO\r\nGroup, whose notorious spyware has been reportedly used, and often abused, by a roster of anonymous\r\ngovernment clients worldwide. \r\nNo court has ever before held the company liable for abuses despite its spyware being found on hundreds of\r\nphones belonging to activists, journalists and other members of civil society. The company has long stated that its\r\ntools can only be used by national security officials and law enforcement officers investigating intelligence\r\nmatters and crimes.\r\nMeta-owned WhatsApp sued in 2019, alleging NSO Group had found a bug in its systems and used it to install\r\nspyware on some users’ devices. Journalists, human rights activists, political dissidents, diplomats and senior\r\nforeign government officials, frequent targets of Pegasus, were among the WhatsApp victims. \r\nThe Israeli spyware maker repeatedly tweaked the exploit to penetrate defenses WhatsApp put in place over the\r\ncourse of two years, the WhatsApp lawsuit says.\r\nNorthern California federal judge Phyllis Hamilton determined that the NSO Group violated the federal Computer\r\nFraud and Abuse Act (CFAA) and California’s Comprehensive Computer Data Access and Fraud Act (CDAFA)\r\nfor enabling the hacks. The judge also found NSO Group liable for breach of contract for violating WhatsApps’\r\nterms of service.\r\n“After five years of litigation, we're grateful for today's decision,” WhatsApp said in a statement. “NSO can no\r\nlonger avoid accountability for their unlawful attacks on WhatsApp, journalists, human rights activists and civil\r\nsociety.” \r\n“With this ruling, spyware companies should be on notice that their illegal actions will not be tolerated.”\r\nA spokesperson for the NSO Group did not immediately respond to a request for comment.\r\nAdvocates for spyware victims applauded the decision.\r\n“This is the first successful case against NSO Group where NSO was found liable for compromising the digital\r\nsecurity infrastructure that millions of people rely on with Pegasus spyware,” said Natalia Krapiva, senior tech\r\nlegal counsel at Access Now. \r\nhttps://therecord.media/judge-rules-nso-group-liable-for-hack-of-1400-whatsapp-users\r\nPage 1 of 3\n\n“While the court still has to determine the damages that the NSO should pay, the partial summary judgment is a\r\nmajor win not just for WhatsApp, whose servers were targeted by NSO, but for hundreds of victims around the\r\nworld whose lives have been destroyed by Pegasus and other spyware.”\r\nKrapiva added that spyware companies around the world should take notice that “the time of impunity is over and\r\nthey will be brought to justice for undermining the security of our devices and platforms, as well as our human\r\nrights.”  \r\nIn her ruling, the judge lambasted NSO Group for repeatedly failing to produce complete Pegasus source code\r\ndespite a court order requiring that it be turned over.\r\nNSO submitted source code that could only be viewed by Israeli citizens present in Israel, the judge said in her\r\norder, citing NSO’s failure to produce its full source code in an accessible manner as a major reason she decided to\r\ngrant WhatsApps’ request for sanctions.\r\nThe judge said that NSO Group used a “Whatsapp Installation Server,” or WIS, which allowed their clients to\r\nsend “cipher” files with “installation vectors” allowing surveillance of targets.\r\nNSO Group appears to “fully acknowledge that the WIS sent messages through Whatsapp servers that caused\r\nPegasus to be installed on target users’ devices, and that the WIS was then able to obtain protected information by\r\nhaving it sent from the target users, through the Whatsapp servers, and back to the WIS,” the judge said.\r\nSenior NSO executives deposed in the case admitted in sworn testimony to developing the exploits used in the\r\nWhatsApp hacks. Recently unsealed court filings also show that WhatsApp’s security team repeatedly blocked\r\nPegasus intrusions only to see NSO develop new malware to overcome their efforts.\r\nThe high-profile lawsuit offered a rare glimpse into the inner workings of a shadowy spyware manufacturer whose\r\nexecutives admitted in depositions that, contrary to past assertions, NSO Group does in fact control data extraction\r\nfrom the targets’ devices and the process for embedding the spyware on them.\r\n“NSO’s customers’ role is minimal,” one WhatsApp filing says, citing a senior executive’s deposition. “NSO\r\ncontrols every aspect of the data retrieval and delivery process through its design of Pegasus.”\r\nThe spyware manufacturer had fought to keep the depositions from being publicly released, but the judge\r\noverruled the company, ordering the filings to be unsealed last month.\r\nEvidence from the case also shows that NSO Group continued to develop new malware that infected victims via\r\ntheir WhatsApp accounts even after the messaging platform sued the spyware company for allegedly violating\r\nfederal anti-hacking laws.\r\nArguments to determine damages will begin in March, according to the court docket.\r\nGet more insights with the\r\nRecorded Future\r\nIntelligence Cloud.\r\nhttps://therecord.media/judge-rules-nso-group-liable-for-hack-of-1400-whatsapp-users\r\nPage 2 of 3\n\nLearn more.\r\nNo previous article\r\nNo new articles\r\nSuzanne Smalley\r\nis a reporter covering digital privacy, surveillance technologies and cybersecurity policy for The Record. She was\r\npreviously a cybersecurity reporter at CyberScoop. Earlier in her career Suzanne covered the Boston Police\r\nDepartment for the Boston Globe and two presidential campaign cycles for Newsweek. She lives in Washington\r\nwith her husband and three children.\r\nSource: https://therecord.media/judge-rules-nso-group-liable-for-hack-of-1400-whatsapp-users\r\nhttps://therecord.media/judge-rules-nso-group-liable-for-hack-of-1400-whatsapp-users\r\nPage 3 of 3",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://therecord.media/judge-rules-nso-group-liable-for-hack-of-1400-whatsapp-users"
	],
	"report_names": [
		"judge-rules-nso-group-liable-for-hack-of-1400-whatsapp-users"
	],
	"threat_actors": [
		{
			"id": "d90307b6-14a9-4d0b-9156-89e453d6eb13",
			"created_at": "2022-10-25T16:07:23.773944Z",
			"updated_at": "2026-04-10T02:00:04.746188Z",
			"deleted_at": null,
			"main_name": "Lead",
			"aliases": [
				"Casper",
				"TG-3279"
			],
			"source_name": "ETDA:Lead",
			"tools": [
				"Agentemis",
				"BleDoor",
				"Cobalt Strike",
				"CobaltStrike",
				"RbDoor",
				"RibDoor",
				"Winnti",
				"cobeacon"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434325,
	"ts_updated_at": 1775791431,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/2dc26bb56fa13ba11149f8c2f9acbb0da6f28cbb.pdf",
		"text": "https://archive.orkl.eu/2dc26bb56fa13ba11149f8c2f9acbb0da6f28cbb.txt",
		"img": "https://archive.orkl.eu/2dc26bb56fa13ba11149f8c2f9acbb0da6f28cbb.jpg"
	}
}