A federal jury in the United States has ruled that Israeli company NSO Group must pay WhatsApp (Meta) $168 million for using Pegasus spyware to attack more than 1,400 users worldwide.
The ruling comes after Judge Phyllis J. Hamilton ruled in December 2024 that NSO Group violated US federal law by using WhatsApp servers to distribute Pegasus through a voice call vulnerability (CVE-2019-3568, CVSS: 9.8). The company systematically launched the spyware from servers located in California in May 2019. A total of 1,400 people from 51 countries were affected, including 456 users from Mexico, 100 from India, 82 from Bahrain, 69 from Morocco, and 58 from Pakistan.
- WhatsApp filed a lawsuit in 2019, accusing NSO of using Pegasus to spy on journalists, activists, and dissidents. NSO tried to justify its actions by citing the fight against terrorism and crime, but the court did not accept these arguments. In addition to the fine of 167,254,000 $ , NSO must pay an additional 444,719 $ for the efforts of WhatsApp engineers to block the attacks.
- NSO Group is known for creating the Pegasus spyware, which was used by governments to spy on civil society activists and journalists. After a series of scandals, the company was added to the US sanctions list in 2021. Apple previously dropped a similar lawsuit to avoid revealing information about its security infrastructure.
The ruling is a victory for human rights activists, as it sets a precedent for holding companies accountable for using spyware against users. Meta plans to use the compensation to support digital rights organizations around the world.
69 
69 
62 