Meta files contempt complaint against NSO Group over fresh WhatsApp spyware phishing

Meta disclosed it detected and disrupted a new spear-phishing campaign linked to NSO Group's Pegasus operation, and filed a federal contempt-of-court complaint arguing the activity violates the 2025 permanent injunction barring NSO from targeting WhatsApp or its users (Meta, 2026-06-08; CyberScoop, 2026-06-08). The campaign used one-click links sent to WhatsApp users that redirected them to external attacker-controlled websites — the same social-engineering pattern (T1566.002) tied to earlier NSO phishing chains; Meta states no WhatsApp protocol zero-day and no end-to-end-encryption bypass was involved (BleepingComputer, 2026-06-08). Meta removed test accounts and groups NSO created on the platform.

Why it matters to us: The threat vector is user-level social engineering, not platform exploitation — iOS Lockdown Mode and Android Advanced Protection both reduce the Pegasus delivery surface, and mobile-threat-defence monitoring of device-integrity attestation is the relevant control. NSO's confirmed customer base is governments and its targeting pattern (officials, journalists, activists) is documented across EU member states, keeping commercial-spyware exposure a standing concern for public-sector mobile fleets.