How the Attack Happened
The attackers exploited a zero-day vulnerability in WhatsApp’s voice calling feature, identified as CVE-2019-3568 with a CVSS score of 9.8, which allowed Pegasus to be silently installed on users’ devices even if the call was never answered. The malicious traffic passed through WhatsApp’s servers in California on at least 43 occasions in May 2019.
Breakdown of Targeted Countries:
- Mexico: 456 victims
- India: 100 victims
- Bahrain: 82 victims
- Morocco: 69 victims
- Pakistan: 58 victims
Jury’s Verdict and WhatsApp's Response
The jury awarded WhatsApp $167,254,000 in punitive damages and $444,719 in compensatory damages for engineering efforts to mitigate the spyware attack.
"This case made history when the court found that NSO broke federal and state laws in the U.S.," said Will Cathcart, head of WhatsApp. "Today’s verdict is a major step forward in holding spyware developers accountable."
Meta also revealed plans to seek a permanent injunction to prevent NSO Group from targeting WhatsApp again, and committed to a donation to global digital rights organizations supporting victims of surveillance.
NSO's Defense and Legal Fallout
NSO Group argued its software was intended to help governments fight terrorism and child exploitation. However, Judge Phyllis J. Hamilton noted that the company couldn’t disassociate itself from how clients used its tools while claiming to support law enforcement.
Court documents revealed that NSO spends tens of millions of dollars annually to improve malware delivery techniques via messaging apps, browsers, and operating systems — and that its spyware still poses a threat to both Android and iOS devices.
What’s Next?
NSO Group, which was sanctioned by the U.S. government in 2021, says it will appeal the decision. In contrast, Apple dropped its separate lawsuit against NSO in September 2024, citing concerns over exposing its internal security framework.
The ruling marks a significant moment in the global fight against unlawful surveillance and is seen as a powerful warning to the spyware industry.