WhatsApp Files Contempt Motion Over New NSO Group Spyware Activity

WhatsApp detected new NSO Group activity violating a permanent court injunction and filed a federal contempt motion against the Israeli surveillance firm.

    Meta’s WhatsApp announced it had detected and disrupted fresh surveillance campaigns linked to NSO Group — the maker of Pegasus spyware — and filed a federal contempt motion accusing the Israeli surveillance firm of violating the permanent injunction a US federal court entered against it in October 2025.

    New Spear-Phishing Campaigns Detected After October 2025 Permanent Injunction

    WhatsApp announced on June 8, 2026 that its security platform had detected and disrupted a fresh wave of spear-phishing campaigns linked to NSO Group, in what it describes as a direct violation of a permanent court injunction barring NSO from targeting WhatsApp and its users. WhatsApp filed a federal contempt motion in US court seeking to hold NSO in contempt for the alleged violations.

    The newly detected activity included spear-phishing attempts designed to redirect WhatsApp users to external malicious websites, as well as the creation of test accounts and groups within WhatsApp itself — activities the October 2025 court order explicitly and permanently prohibits. WhatsApp’s security platform detected and disrupted the campaigns before they achieved their objective. The specific number of targeted users and their identities have not been disclosed. Meta notified law enforcement authorities and is pursuing the contempt action in parallel.

    Spear-Phishing and Test Account Creation Violated Explicit Prohibitions in the Injunction

    The October 2025 injunction was specific in its prohibitions: NSO was permanently barred from accessing or attempting to access WhatsApp’s platform and its users. The creation of WhatsApp test accounts by NSO-linked infrastructure — used to develop, test, or deploy surveillance capabilities — falls directly within the prohibited conduct the injunction was designed to prevent. The contempt motion asks the court to impose additional penalties beyond the existing judgment, which already includes $167 million in punitive damages.

    NSO Group’s Pending Appeal Does Not Suspend the Injunction

    NSO Group has appealed the underlying verdict and damages award, but the appeal does not stay the permanent injunction — NSO was required to comply while the appeal remains pending. Twelve civil rights organizations filed amicus briefs in support of the injunction in May 2026, reinforcing the legal foundation the contempt motion rests on. NSO Group had not publicly responded to the June 8 announcement; its standard position has been that Pegasus is used only by vetted government customers for lawful intelligence purposes.

    $167 Million Verdict, the Injunction’s Origin, and What Contempt Could Mean

    The contempt filing follows a legal saga that began with a 2019 attack campaign in which NSO’s infrastructure exploited a WhatsApp VOIP stack vulnerability to deliver Pegasus spyware silently to approximately 1,400 users — a list that included journalists, human rights lawyers, and government officials in more than 20 countries. A US federal jury found NSO liable in 2024, then in May 2025 awarded $167 million in punitive damages and $444,719 in compensatory damages (later reduced to approximately $4 million in compensatory damages on judicial review), along with the permanent injunction.

    A successful contempt finding could impose court-ordered penalties beyond the existing judgment, further constraining NSO’s ability to operate in US jurisdictions. The case has become the most direct legal test of whether a permanent court injunction against a commercial spyware operator carries real enforcement consequences when the operator continues active surveillance infrastructure development using the targeted platform.

    Pegasus Capabilities and the Enforcement Precedent for Commercial Spyware Operators

    Pegasus is not conventional malware. It is a government-grade surveillance tool documented as capable of silently activating camera and microphone access, extracting encrypted messages from Signal, WhatsApp, and iMessage, tracking real-time GPS location, and in some configurations delivering zero-click exploitation — meaning a target’s device can be compromised without the user taking any action. Whether the activity WhatsApp detected involved Pegasus specifically or a different NSO surveillance tool has not been confirmed in WhatsApp’s disclosure.

    NSO Group’s Historic Targeting Pattern and the Stakes of the Contempt Ruling

    Historic NSO operations documented by researchers and government investigations targeted journalists in Saudi Arabia, opposition politicians in Poland and Spain, and civil society workers in Mexico and India, among others. WhatsApp’s contempt motion, if successful, would mark the first instance of a major technology platform obtaining court sanctions against a commercial spyware operator for post-injunction platform access — establishing that permanent injunctions against surveillance technology firms carry enforceable legal consequences rather than functioning as procedural formalities that sophisticated defendants can circumvent while appellate proceedings run their course.
