Meta’s Contempt Motion: When Court Orders Meet Persistent Spyware
Meta’s contempt motion against NSO Group centers on whether a permanent court order can meaningfully restrain a surveillance-for-hire vendor that keeps adapting its technical and social-engineering playbook to probe WhatsApp’s defenses. The company says WhatsApp investigators disrupted new NSO-linked spear‑phishing attempts that tried to lure users into clicking malicious links leading to external sites, a pattern consistent with earlier WhatsApp phishing attacks connected to the firm’s Pegasus operations. These activities allegedly breach a permanent injunction that already bans NSO from targeting WhatsApp or its users. In response, Meta has asked a US federal judge to hold NSO in contempt, arguing that an entity already placed on the US government’s Entity List is now defying both regulators and the judiciary. The motion raises a sharp question: how do courts enforce digital boundaries against NSO Group spyware operators who never physically appear at the perimeter?
Inside the New WhatsApp Phishing Attempts
Public technical detail is thin, but the broad outline of the campaign is clear. Meta reports NSO-linked actors created test accounts and groups on WhatsApp, then used social engineering to send “1‑click” phishing links that redirected targets to hostile websites outside the app. Reuters and other outlets describe these attacks as similar to earlier one‑click operations, where a single tap can be enough to compromise a device, making them a severe WhatsApp security threat even for wary users. According to TechRepublic, the campaign focused on fewer than 10 users, mainly located in two Middle Eastern markets, and Meta says it has not found evidence that any were successfully compromised. WhatsApp has also released indicators of compromise and several campaign‑linked domains, helping defenders spot whether Pegasus spyware targeting might be resurfacing through related phishing infrastructure.
A Long Legal War: From Pegasus Lawsuit to Permanent Injunction
The contempt motion is the latest twist in a legal fight that began in 2019, when Meta accused NSO of abusing WhatsApp infrastructure to deliver Pegasus spyware to journalists, activists, and political opponents. A US court later found NSO liable for hacking WhatsApp users via Pegasus and, in 2025, a jury initially awarded Meta roughly USD 168 million (approx. RM772 million) in damages before the judge reduced that figure to USD 4 million (approx. RM18 million) and issued a permanent injunction barring NSO from targeting WhatsApp or its users. Meta portrays that Meta court order as a landmark ruling against the commercial spyware industry. Now, with Meta alleging that NSO has resumed NSO Group spyware activity against WhatsApp, the company argues that contempt findings are needed to show that surveillance vendors cannot treat injunctions as optional guidelines.
Enforcing Digital Injunctions Against Surveillance-for-Hire Vendors
Meta’s latest filing underlines how hard it is to enforce court orders in cyberspace when targets are sophisticated surveillance-for-hire operators. Even with a permanent ban, Meta must keep defenders hunting for new WhatsApp phishing attacks, dismantling infrastructure, and sharing indicators with the wider ecosystem. The company warns that “no technology is off-limits to surveillance-for-hire firms,” noting that reported NSO targets have included journalists, officials, military personnel, and humanitarian organizations. WhatsApp’s end-to-end encryption remains intact, but threats now concentrate on the surrounding attack surface: 1‑click links, social engineering, and potential zero‑click exploits. The case shows that injunctions alone cannot neutralize Pegasus spyware targeting; they must be paired with continuous monitoring, joint threat intelligence, and policy pressure on spyware vendors, hosting providers, and any intermediaries that keep these operations afloat.
What Meta vs. NSO Signals for the Future of Messaging Security
The renewed clash illustrates an ongoing cat‑and‑mouse game between major platforms and commercial spyware sellers. Meta’s disruption of the latest NSO-linked activity prevented visible harm this time, but the limited scope of the campaign does not reduce its significance. It shows that even after a high‑profile judgment, NSO Group spyware operators or their clients may keep probing for gaps in messaging defenses, while platforms respond with takedowns and new reporting channels for suspicious links. For users, the case reinforces a simple lesson: end‑to‑end encryption does not remove the risk of being tricked into opening a malicious link. For regulators and courts, it highlights the need to pair legal remedies with export controls, sanctions, procurement bans, and stronger oversight of the spyware trade if they want Meta court orders and similar rulings to shape attacker behavior rather than be treated as background noise.
