Meta announced on Monday that it detected and neutralised a new wave of spear-phishing attacks on WhatsApp that the company has attributed to Israeli surveillance software maker NSO Group. The social media giant also revealed it is pursuing a federal court contempt order against the spyware vendor, alleging the firm violated a permanent injunction that prohibits it from targeting WhatsApp or the platform's users.
According to The Hacker News, which reported on the disclosure on 8 June, the attackers attempted to lure victims into clicking malicious links designed to redirect them to attacker-controlled external websites. The campaign used targeted, personalised messages — a hallmark of spear-phishing — rather than mass-distributed spam, suggesting a focused effort to compromise specific individuals.
A Long-Running Legal Battle
The latest incident adds another chapter to the protracted legal confrontation between Meta and NSO Group. Meta sued the spyware company in 2019, alleging that NSO exploited a vulnerability in WhatsApp's voice-calling feature to install its Pegasus spyware on the devices of roughly 1,400 users worldwide; that exploit was delivered through the call itself and needed no action from the target. In 2025 a jury awarded Meta about $168 million in damages, a figure the trial judge later reduced substantially, and the court issued a permanent injunction barring NSO from accessing or attempting to access WhatsApp's infrastructure and services. The size of the original verdict underscored the financial stakes involved.
Monday's announcement indicates that Meta believes NSO has disregarded that court order. By filing a contempt motion, Meta is asking the court to formally find that NSO violated the injunction — a move that could carry significant legal consequences for the Israeli firm, including potential fines or other sanctions on top of the existing damages award.
NSO Group has consistently maintained that its products are sold exclusively to government and law-enforcement clients for legitimate investigations. The company has faced mounting scrutiny from regulators, technology firms, and civil liberties organisations over allegations that Pegasus has been used to surveil journalists, political dissidents, and human rights advocates in multiple countries.
Why This Matters
For IT security professionals and the broader technology community, the development carries several important implications.
First, it underscores a persistent and uncomfortable reality: end-to-end encryption protects messages in transit and on the provider's servers, not on the device that decrypts them. An attacker who compromises the endpoint reads everything after decryption and never has to touch the cryptography. Phishing and social engineering remain among the most effective vectors because they exploit human behaviour rather than cryptographic weaknesses. Unlike the 2019 calling exploit, which needed no interaction from the target, the campaign described here depends on the victim clicking a link, so the recipient's judgement is a genuine control this time.
Second, the case highlights the growing willingness of major technology companies to use the courts as a tool in the fight against commercial spyware. Meta's decision to pursue contempt proceedings signals that platform operators view legal accountability as a necessary complement to technical countermeasures. A successful contempt ruling could set a precedent for how injunctions against surveillance vendors are enforced in practice.
Third, the repeated targeting of a platform that has already secured a court-ordered ban raises questions about how effectively current legal frameworks deter well-resourced spyware developers. The episode reinforces the importance of layered defence: keeping the operating system and messaging apps fully patched, enabling the platform's hardened mode for high-risk users (Lockdown Mode on iOS, Advanced Protection on Android), confirming unexpected links with the sender over a second channel, and treating unsolicited links with extreme caution even when they appear to come from legitimate contacts on platforms with strong security reputations.
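The campaign above relied on links that redirect to attacker-controlled sites, and the defensive advice is to scrutinise such links before clicking. The following script is an added example written for this article, not Meta's or WhatsApp's detection logic, showing the offline checks a security team might run over the URLs in an unsolicited message: lookalike hosts that embed a protected brand name, typosquats, userinfo tricks, punycode hosts, raw IP addresses, link shorteners and plain-HTTP links. The brand list, shortener list and sample messages are constructed assumptions.

```python
"""Offline triage of links found in unsolicited chat messages (constructed example)."""
import re
from urllib.parse import urlsplit

# Domains the recipient might expect mail about; assumption for this example.
PROTECTED_DOMAINS = ("whatsapp.com", "meta.com", "facebook.com")
# Link shorteners that hide the real destination; assumption for this example.
SHORTENERS = {"bit.ly", "t.co", "tinyurl.com", "cutt.ly", "rb.gy"}

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def registrable_domain(host: str) -> str:
    """Last two labels of the host; adequate for .com/.info style suffixes used here."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch typosquats such as 'whatsaap.com'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def triage_link(url: str) -> list[str]:
    """Return the phishing indicators found in one URL; an empty list means nothing flagged."""
    flags = []
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if parts.scheme != "https":
        flags.append("not-https")
    if parts.username is not None:
        # https://whatsapp.com@evil.example: the browser ignores everything before '@'
        flags.append("userinfo-in-url")
    if host.startswith("xn--") or ".xn--" in host or any(ord(c) > 127 for c in host):
        flags.append("idn-homoglyph-risk")
    if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
        flags.append("raw-ip-host")
    reg = registrable_domain(host)
    if reg in SHORTENERS:
        flags.append("shortener")
    for brand in PROTECTED_DOMAINS:
        if reg == brand:
            continue  # the genuine domain or a real subdomain of it
        brand_name = brand.split(".")[0]
        # Brand name as a whole label elsewhere in the host: whatsapp.com.security-check.info
        if re.search(rf"(^|[.-]){re.escape(brand_name)}([.-]|$)", host):
            flags.append(f"brand-in-lookalike-host:{brand}")
        elif edit_distance(reg, brand) <= 2:
            flags.append(f"typosquat-of:{brand}")
    return flags


def triage_message(text: str) -> dict[str, list[str]]:
    """Map each flagged URL in a message to its indicators; clean URLs are omitted."""
    result = {}
    for url in URL_RE.findall(text):
        url = url.rstrip(".,;:)")  # trailing prose punctuation is not part of the link
        flags = triage_link(url)
        if flags:
            result[url] = flags
    return result


# Constructed sample messages; none of these are real campaign artefacts.
SAMPLE_MESSAGES = [
    "Hi, the meeting notes are at https://web.whatsapp.com/ as usual.",
    "Your account will be suspended, verify at https://whatsapp.com.security-check.info/verify",
    "New policy doc: https://whatsaap.com/policy and also http://bit.ly/3xyz",
    "Restore your chats: https://whatsapp.com@evil.example/restore",
]

if __name__ == "__main__":
    for msg in SAMPLE_MESSAGES:
        print(msg)
        for url, flags in triage_message(msg).items():
            print(f"  FLAG {url}: {', '.join(flags)}")
```

The checks are deliberately conservative string tests that run without network access, so they can be applied to message exports or gateway logs without ever fetching the attacker's site; resolving the redirect chain is a separate, sandboxed step.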
Meta did not disclose how many users were targeted in the latest campaign or identify the intended victims. The company said its security team blocked the attacks before any compromise occurred and that it is cooperating with the relevant legal authorities as the contempt motion proceeds.
