A recent court document reveals that NSO Group’s notorious Pegasus spyware was deployed against 1,223 WhatsApp users across 51 countries during a hacking campaign in 2019. This revelation emerged as part of WhatsApp’s legal battle against NSO Group, initiated in 2019, wherein WhatsApp accused the firm of exploiting a vulnerability in its messaging platform to conduct mass surveillance on users—including over 100 human rights activists and journalists.
Initially, WhatsApp estimated that about 1,400 users were targeted. However, the newly released document specifies the exact number of victims and their countries, providing remarkable insights into the global reach of the spyware. The analysis indicates the highest number of affected individuals were in Mexico (456), followed by India (100), Bahrain (82), Morocco (69), Pakistan (58), Indonesia (54), and Israel (51). Notable Western nations also recorded victims: Spain (21), the Netherlands (11), Hungary (8), France (7), the UK (2), and one in the US.
Cybersecurity expert Runa Sandvik highlighted that existing reports often overlook the extensive scale of surveillance, particularly the unreported cases and those who did not get their devices checked or chose not to go public with their experiences. The sheer volume of cases, especially in Mexico—where civil society is often targeted—underscores the severity of the spyware situation.
The investigation further revealed that the hacking campaign spanned merely two months, with WhatsApp indicating the attacks took place between April and May 2019. This raises concerns regarding the rapid and widespread use of powerful surveillance tools like Pegasus.
It’s vital to note that the presence of victims in certain countries does not necessarily confirm that those governments employed NSO’s spyware against them; clients may target individuals overseas. Interestingly, Syria is listed among the victims, despite NSO not being permitted to operate there due to international sanctions.
Additionally, the number of victims sheds light on NSO’s potential high-value customers. For example, Mexico is reported to have spent upwards of $60 million on NSO Group’s spyware, which could partly explain the significant number of victims from that nation.
In a critical update, a judge recently ruled in favour of WhatsApp, stating that NSO Group had violated U.S. hacking laws in its targeting practices. Moving forward, a hearing is set to address the damages that the spyware company may owe WhatsApp.
The ongoing lawsuit has also revealed that NSO disconnected ten government clients due to abuse of its spyware, with the per-year licensing fee for the WhatsApp hacking tool estimated at $6.8 million, contributing to NSO’s impressive revenue of at least $31 million in 2019. Both WhatsApp and NSO Group have not commented on this latest development.
Fanpage: TechArena.au
Watch more about AI – Artificial Intelligence
