Summary Points
- Meta’s WhatsApp disrupted a new spear-phishing campaign linked to NSO Group, despite a court order prohibiting NSO from targeting WhatsApp users, indicating ongoing violations.
- In 2025, a U.S. jury ordered NSO to pay over $600 million for a 2019 attack that exploited WhatsApp vulnerabilities to install Pegasus spyware on approximately 1,400 devices.
- WhatsApp’s investigation found NSO-linked accounts attempting to lure users with malicious links, mainly targeting users in Jordan and Lebanon, with no device compromises detected.
- WhatsApp is asking a court to hold NSO in contempt, highlighting NSO’s continued efforts to exploit vulnerabilities across different platforms beyond WhatsApp.
Key Challenge
Meta’s WhatsApp recently detected and thwarted a new wave of spear-phishing attacks linked to NSO Group, an Israeli spyware company known for its malicious surveillance tools. The campaign, which primarily affected fewer than ten users in Jordan and Lebanon, involved NSO-linked accounts attempting to lure victims into clicking malicious links, a tactic seen in earlier campaigns. This resurgence is troubling because, in 2025, a U.S. federal jury ordered NSO to pay substantial damages for a 2019 attack that compromised approximately 1,400 WhatsApp users by exploiting a vulnerability to deliver Pegasus spyware. Despite this verdict and a permanent court injunction banning NSO from targeting WhatsApp, NSO appears to have continued developing exploits, including new malware tools like “Erised” and “Heaven,” demonstrating a persistent pattern of defiance. WhatsApp’s investigation, prompted by user reports, uncovered these ongoing attempts, and WhatsApp took steps to dismantle related accounts. It now seeks a federal court order to hold NSO in contempt for violating the earlier court ruling. Civil rights groups and forensic organizations, such as Citizen Lab, support WhatsApp’s stance, emphasizing the broader concern over NSO’s expansive and illicit surveillance activities across multiple platforms.
Risks Involved
WhatsApp’s recent disruption of NSO-linked cyberattacks highlights a serious threat that could also target your business. If hackers leverage spyware like Pegasus, they can silently infiltrate your devices and gain access to sensitive data, trade secrets, and client information. This can lead to financial losses, reputational damage, and legal consequences. Once a breach occurs, recovery costs escalate rapidly, affecting operations and trust. Because cybercriminals constantly evolve their tactics, your business must remain vigilant and proactive. Failure to do so leaves you vulnerable to theft, sabotage, and long-term damage, risks that no company, regardless of size, can afford to ignore.
Possible Action Plan
Ensuring rapid and effective remediation in cybersecurity incidents, especially those involving sophisticated spyware like Pegasus, is crucial to protect user data, maintain trust, and prevent further exploitation. Swift action minimizes the window of vulnerability and curtails the potential impact of the attack.
Mitigation Measures
- Conduct immediate incident detection and containment to prevent further spread.
- Notify affected users promptly about the breach.
- Disable compromised accounts and services to limit access.
- Deploy targeted security patches and updates for WhatsApp and related infrastructure.
- Conduct thorough forensic analysis to understand breach mechanics.
Remediation Steps
- Eradicate malware and malicious components from infected devices.
- Strengthen security controls, including multi-factor authentication and intrusion detection systems.
- Implement ongoing monitoring for suspicious activity.
- Provide user education on identifying and avoiding phishing attempts or social engineering.
- Review and update incident response plans based on lessons learned to improve future reactions and prevention strategies.
