Published June 21, 2026
Meta has intercepted a targeted spear-phishing campaign by NSO Group aimed at deploying Pegasus spyware to WhatsApp users in Jordan and Lebanon. The attack utilizes sophisticated social engineering templates and malicious redirection URLs to bypass traditional security controls and achieve device compromise. This campaign directly violates a 2025 permanent federal injunction against NSO Group. In response, Meta is pursuing legal contempt motions to enforce judicial orders, moving beyond technical disruption to aggressive litigation to protect user privacy and platform integrity.
-
Incident Overview
- Target Demographics: Mobile users concentrated in Jordan and Lebanon.
- Primary Payload: Pegasus spyware, designed for advanced device surveillance.
- Legal Context: Direct violation of a 2025 permanent federal injunction.
-
Attack Vector & Mechanics
- Initial Access: Spear-phishing messages delivered directly via WhatsApp.
- Social Engineering: Use of deceptive templates to manipulate user interaction.
- Delivery Pipeline: Malicious URLs triggering redirection to external sites for payload deployment.
-
Threat Actor Profile & Impact
- Actor Identity: NSO Group, an Israeli-based spyware vendor currently under U.S. blacklisting.
- Targeted Impact: High-severity risk of full mobile device compromise and data exfiltration.
- Strategic Intent: Specialized, geographically-focused surveillance operations.
-
Defensive Actions & IoCs
- Technical Mitigation: Disruption of malicious links and spear-phishing infrastructure by Meta.
- Legal Enforcement: Filing of a contempt of court motion against NSO Group.
- Indicators: Identification of specific malicious redirection URLs and social engineering patterns.
-
Conclusion
- Strategic Shift: Transition from technical-only mitigation to aggressive legal warfare.
- Industry Implication: Increased reliance on judicial intervention to curb state-sponsored spyware actors.
Related posts
- cyberinsider.com — WhatsApp says it caught NSO attempting to spy on users again
- feeds.feedburner.com — Meta Blocks NSO Group's New WhatsApp Phishing Attack, Files Contempt Order
- bleepingcomputer.com — WhatsApp says it disrupted new NSO spyware phishing attacks
- gbhackers.com — WhatsApp Blocks Pegasus Spyware Campaign Linked to NSO Group
- Theguardian
- Citizenlab
- Security Affairs — SSU and FBI Uncover Russian Cyber Espionage Operation Against Officials and Military Personnel
- English
- Cyberscoop
- Ic3
- Malwarebytes
- The Record by Recorded Future — Russia used social engineering to breach prominent messaging accounts, Ukraine says
- bleepingcomputer.com — FBI: Russian hackers now target Signal backup recovery keys
- feeds.feedburner.com — Ukraine Says Russian Intelligence Used Fake Support Texts to Steal Messaging Credentials
- Thenextweb
- Thehackernews
- Securityboulevard
- News
- Justice
- Kyivpost
- Infosecurity-magazine
- Westoahu