Meta asks for contempt over alleged NSO WhatsApp targeting after $4M win
A permanent injunction says stop. Meta says NSO kept running phishing and trick links anyway.

Meta has asked a federal judge to hold NSO Group in contempt after alleging NSO-linked social engineering attempts targeted WhatsApp users again. The move raises a blunt question for decision-makers: what does “permanent injunction” mean when a spyware vendor claims it still sees a market?
Meta is asking a federal judge to hold NSO Group in contempt of court, accusing the Israeli surveillance-for-hire company of targeting WhatsApp users again despite a permanent injunction ordering it to stop. In a blog post on Monday, Meta said it disrupted “NSO-linked social engineering attempts” after investigating reports from users. The alleged playbook is familiar in structure even if the details are new: attempts to lure people into clicking malicious links that redirected them to websites outside WhatsApp, plus the creation of test accounts and groups inside the messaging app.
This is not a vague allegation dressed up as due process. Meta says it “successfully disrupted NSO-linked social engineering attempts” and compares the activity to previously reported “1-click phishing campaigns linked to NSO.” WhatsApp also published a handful of domains it said were linked to the campaign, including ikhwancast[.]com, ghazacast[.]com, and fr24cast[.]com, and said it was releasing indicators so organizations can identify related activity. Meta’s contempt filing follows years of courtroom escalation, including the moment that matters for anyone tracking whether legal leverage changes behavior.
That moment came from a US court finding NSO liable in December 2024 for hacking WhatsApp users via its Pegasus spyware. In May 2025, a jury awarded Meta roughly $168 million in damages. But the judge later cut that figure to $4 million while issuing the permanent injunction barring NSO from targeting WhatsApp or its users. So Meta is not arguing NSO lost a case and is now “disputing facts” in some abstract sense. The argument embedded in the contempt request is that NSO allegedly kept operating in the exact lane the injunction was supposed to shut.
Meta’s filing and blog language frame the spyware issue as more than a civil dispute. In the company’s words, last year WhatsApp “secured a landmark verdict and permanent injunction barring NSO Group... from targeting WhatsApp and its users ever again.” Meta is now directly asking the court to treat a continued pattern as a failure to comply, writing, “Today, we’re asking the court to hold them in contempt of that order.” The key practical frustration is also clear: Meta provided few technical details beyond what it described and the domains it associated with the campaign. It did not disclose when the activity occurred, how many users were targeted, whether any compromises succeeded, or how it attributed the operation to NSO.
That limited technical transparency is its own governance problem. For the executives and security teams watching this story, it means there is signal, but not the full forensic picture. Meta and WhatsApp did take a concrete step by publishing indicators. Still, attributing spyware-linked campaigns typically depends on a mix of telemetry, infrastructure patterns, and linkages that outside organizations may not fully replicate. The point is not that Meta is wrong to withhold details, but that the compliance question becomes harder for the broader ecosystem when accountability is litigated at the same time as defenses must be rapidly operationalized.
For boards and leadership teams, the incentive structure is the real backdrop. Even after court losses, commercial spyware vendors may still calculate that the upside from continued targeting outweighs enforcement risk. The source frames this as a long-running legal battle, but the latest episode suggests the cycle is not ending with verdicts. If the allegations of NSO-linked attempts are accurate, a court win, even one followed by a permanent injunction, did not automatically translate into a business shutdown around a high-value target like WhatsApp.
The regulatory and policy framing also matters. WhatsApp’s accompanying statement takes a hard line on the spyware industry. It argues that because a malicious company on the US government’s Entity List continues to defy US courts, “existing restrictions must remain firmly in place.” It adds that easing them would undermine US national security and put American companies and “billions of people worldwide who depend on secure communications” at risk. That is not just rhetoric. It connects an enforcement outcome in one lawsuit to the policy question governments face: do they keep export and trade restrictions, or loosen them once legal decisions happen?
Second-order implications follow quickly for other large platforms and enterprises. If the enforcement mechanism is a contempt fight rather than a compliance pivot, it signals that legal process is slower than threat actors’ willingness to experiment. It also implies that security leadership cannot treat injunctions as “done.” They still need monitoring for user-reported social engineering, link redirection behaviors, and infrastructure indicators like domains. For companies that rely on secure messaging at scale, the strategic stake is simple: the system is only as stable as the incentives that keep adversaries out of the inbox.
Meta’s request to hold NSO in contempt, paired with the claim that the alleged targeting continued after the injunction, turns the story into a test case for what legal outcomes actually do. For decision-makers at regulators, tech platforms, and major enterprise users, this is the unresolved question behind the headlines: when a court order exists, and a vendor allegedly keeps running the same kind of campaign, what changes next? In this story, the answer appears to be: back to court, this time with the contempt lever.