NSO Group Must Pay Meta Over $167M Following Pegasus Spyware Attack Against WhatsApp

A federal jury in California found that the NSO Group, the Israeli creators behind the Pegasus spyware, are liable for the attacks against thousands of WhatsApp users. NSO Group must now pay Meta a sum of $167.25 million as result.

The decision was recently made official following an almost six-year lawsuit brought upon by Meta against the NSO Group for massive privacy and security violations.

This follows the discovery of the critical vulnerability dating back to 2019 which allowed the NSO Group to take advantage of it and install their Pegasus spyware to eavesdrop on calls.

NSO Group Must Pay Meta Over $167M

After it was ruled over six months ago that the NSO Group is liable for Pegasus spyware's attack against 1,400 WhatsApp users, a federal jury has now decided to make the Israeli company pay, literally.

In their latest decision, it came down to a $167.25 million fine against the NSO Group which must be paid to Meta.

Meta's latest blog post details its six-year fight against the NSO Group that compromised thousands of WhatsApp users, claiming this to be the "first victory" against the development and use of illegal spyware.

It is known that users did not even have to answer a call to be victimized by the Pegasus spyware, with the technology only needing to place a call before gaining access to a user device's microphone, camera, and access emails, text messages, and location.

Meta acknowledged their work with Citizen Lab in discovering the vulnerability on WhatsApp and how the NSO Group's Pegasus spyware took advantage of it, with the company claiming that this win is a "critical deterrent to this malicious industry."

NSO Group's Infamous Spyware

The Israeli-based NSO Group has operated its company to bring spyware to those that need it, and it has since faced controversy for its technology's capabilities to invade privacy and access sensitive information.

In the case of the attack on WhatsApp, Meta revealed that US officials as well as allies were also victimized by this.

Almost four years ago, the US Department of Commerce's Bureau of Industry and Security added the NSO Group as part of the so-called "Entity List," which includes other companies that are considered as a national security threat. Essentially, this is a blacklist for companies that are regarded to be significant risk to national security and foreign policy interests of the country.

Moreover, the NSO Group also saw another American company file a lawsuit against them for alleged security violations as Apple also went against the infamous firm. In Apple's case, it alleged that the NSO Group deployed a zero-click exploit called "ForcedEntry" against iPhones, and this allowed their technologies and those that brought them to remotely access devices.