NSO Group Was Fined $168 Million for Using Pegasus Spyware to Target 1,400 WhatsApp Users

A U.S. jury recently ruled that the Israeli company, NSO Group, must pay WhatsApp approximately $168 million. This verdict follows an earlier court decision where a judge stated that NSO Group broke U.S. laws by using spyware called Pegasus to infiltrate WhatsApp servers and spy on over 1,400 individuals globally.

  Privacy & Data Protection   May 7, 2025  Add to Reading List
NSO Group Was Fined $168 Million for Using Pegasus Spyware to Target 1,400 WhatsApp Users

A U.S. jury recently ruled that the Israeli company, NSO Group, must pay WhatsApp approximately $168 million. This verdict follows an earlier court decision where a judge stated that NSO Group broke U.S. laws by using spyware called Pegasus to infiltrate WhatsApp servers and spy on over 1,400 individuals globally.

WhatsApp initiated a lawsuit against NSO Group in 2019. They accused the company of deploying Pegasus to target journalists, human rights advocates, and political activists.

Court documents from the trial revealed that NSO Group attacked 456 individuals in Mexico, 100 in India, 82 in Bahrain, 69 in Morocco, and 58 in Pakistan. Altogether, affected users were found in 51 countries.

The cyberattack exploited a flaw in WhatsApp’s voice calling feature, CVE-2019-3568, which was considered highly serious.

In December 2024, Judge Phyllis J. Hamilton reported that Pegasus was used through WhatsApp’s California servers 43 times within May 2019.

Will Cathcart, who is in charge of WhatsApp at Meta, highlighted the significance of the case, noting the court's historic decision that NSO Group violated both federal and state laws. He remarked that the jury's verdict sends a strong message against illegal spyware activities targeting companies and users worldwide.

Cathcart also mentioned that WhatsApp aims to get a court order preventing NSO Group from targeting them again. Additionally, WhatsApp plans to donate to digital rights organizations working to protect people from such cyber threats.

The jury awarded $167 million in punitive damages and an additional $444,719 for the efforts of WhatsApp’s engineers in defending against these attacks.

This outcome is seen as a significant win for groups advocating for privacy and human rights, who have been critical of NSO Group for licensing its surveillance software for monitoring civilians.

NSO Group has argued that they are not responsible for how clients use Pegasus. However, Judge Hamilton emphasized that the company cannot claim to combat terrorism while disregarding client misuse of their technology.

According to Meta, NSO Group invests heavily in creating malware installation methods, affecting messaging apps, browsers, and operating systems, targeting devices up to the present day.

NSO Group maintains that their technology plays an essential role in preventing serious crimes and terrorism and intends to pursue further legal avenues. The U.S. government sanctioned NSO Group in 2021 for harmful cyber activities.

Apple, which had also filed a lawsuit against NSO Group, dropped its case in September 2024, citing concerns that pursuing the case might reveal sensitive details about its security measures.