WhatsApp announced Monday that it disrupted a fresh hacking campaign linked to NSO Group, the spyware maker that has built a global reputation for being the go-to vendor for governments who want to snoop on journalists, dissidents, and anyone else who might annoy them. The Meta-owned messaging app accused NSO of violating a court order that explicitly told the company to stop targeting WhatsApp and its users, and is now seeking to hold NSO in contempt of court.

The attacks, which WhatsApp described as "spear phishing attempts," involved tricking users into clicking malicious links that redirected them to external websites outside of WhatsApp. The company also discovered NSO creating test accounts and groups on the platform, which were promptly shut down. This campaign closely mirrors a 2024 phishing operation reported in Jordan, where users were similarly lured into clicking links that infected their devices with NSO's infamous Pegasus spyware.

NSO, for its part, did not respond to TechCrunch's request for comment - a silence that speaks volumes given the circumstances.

The legal backdrop here is a years-long lawsuit WhatsApp filed against NSO after a 2019 mass-hacking campaign that targeted more than 1,400 WhatsApp users. A jury initially ordered NSO to pay $167 million in damages, later reduced to $4 million, and a court issued a permanent injunction barring NSO from targeting WhatsApp or its users. WhatsApp claims the new phishing campaign violates that injunction, hence the contempt filing.

Over the past decade, security researchers, journalists, and tech companies have documented dozens of cases where government hackers used NSO's spyware to compromise the phones of journalists, dissidents, human rights workers, and political opponents. Tech companies have responded by exposing these campaigns, notifying victims, filing lawsuits, and introducing special opt-in security features designed to make devices harder to hack - especially by government customers wielding powerful spyware like Pegasus.

The U.S. government has also piled on, placing NSO on a blocklist and imposing sanctions on other spyware makers like Intellexa and its founder. Last year, a group of U.S. investors purchased NSO with the stated goal of cleaning up its reputation and lobbying the U.S. government to lift those measures. But despite NSO's plans to enter the American market, the U.S. Commerce Department has yet to remove the company from its blocklist.