On Tuesday, Whatsapp scored a significant victory over the NSO group when a jury ordered the famous Spyware manufacturer to pay more than $ 167 million in compensation to the company owned by the post-ownership.
The decision came to a legal battle extending over more than five years, which began in October 2019, when Whatsapp accused the NSO for hacking team more than 1,400 of its users, utilizing a vulnerability in Appling Calling.
The verdict came after a weekly trial of the jury that included several testimonies, including NSO Yaron Shohat CEO and WhatsApp officials who responded and investigated the incident.
Even before the trial began, the case had discovered several revelations, including the NSO Group, had interrupted 10 of its government clients to abuse Pegasus Spyware, the positions of 1,223 of the victims of the Spyware campaign and the names of three of the Spyware Maker’s customers: Uzbekistan.
TechCrunch reads the test transcripts of the test and highlights the most interesting events and revelations that came out. We will update this post as we learn more of the cache of more than 1,000 pages.
Testimony described how the Whatsapp attack worked
Zero -click attack, which means that spyware did not require interacting with the target, “worked by placing a fake Whatsapp phone call on the target,” said WhatsApp Antonio Perez said during the trial. The lawyer explained that the NSO group had built what was called “WhatsApp Installation Server”, a special machine designed to send malicious messages to the entire WhatsApp infrastructure that mimics the real messages.
“Once taken, these messages will turn on the user’s phone to reach a third server and download Pegasus Spyware. The only thing that had to happen was the phone number,” Perez said.
NSO Tamir Gazneli’s Vice President of Research and Development has testified that “any zero -click solution is an important milestone for Pegasus”.
NSO Group confirms that it targets an American phone number as a test for FBI
Contact us
Do you have more information about NSO Group or other Spyware companies? From a device and non-work network, you can contact Lorenzo Franceschi-bicchierai safely on the signal on +1 917 257 1382, or through the telegram and keybase @lorenzofb or email.
For years, the NSO Group has claimed that spyware cannot be used against US telephone numbers, which means any number of cells starting with the country code +1.
In 2022, New York Times mentioned for the first time That the company “attacked” a US phone but was part of a test for the FBI.
NSO lawyer Joe Akrotirianakis confirmed this, saying that the “single exception” in Pegasus was not able to target +1 numbers “was a specially designed version of Pegasus to be used on demonstration of possible US government customers.”
The fbi Reportedly Do not develop Pegasus after testing it.
How the NSO Group Group Customers use Pegasus
NSO CEO Shohat explained that Pegasus’s interface for its government clients does not provide the option to choose which method of hacking or technique to use the goals they are interested in “because customers are not interested in the vector they use if they get the intelligence they need”.
In other words, it is the PEGASUS system in the backend that chooses which hacking technology, known as exploitation, to use every time spyware targets a person.
NSO Group headquarters share the same building as Apple
In a funny coincidence, the NSO Group headquarters At Herzliya, a suburb of Tel Aviv in Israel, is in the same building as an applewhose iPhone customers are also often targeted at the NSO Pegasus Spyware. Shohat said the NSO occupies the top five floors and Apple occupies the rest of the 14 -storey building.
“We share the same lift when they go up,” Shohat said during the testimony.
The fact that the NSO Group headquarters are advertised openly is somewhat interesting in itself. Other companies developing spyware or zero days, such as Barcelona -based Variston, which closed in February, was in a cooperation site, claiming its official website somewhere else.
The NSO Group admitted that it continued to target WhatsApp users after submitting the lawsuit
Following the Spyware attack, WhatsApp filed its lawsuit against the NSO Group in November 2019. Despite the active legal challenge, the Spyware manufacturer continued to target users of the conversation application, according to NSO Tamir Gazneli’s Vice President.
Gazneli said “Erized”, Codename for one of the zero -click editions of Whatsapp, was used from the end of 2019 to May 2020.
The NSO says it employs hundreds of people
NSO CEO Yaron Shohat has revealed a small but remarkable detail: NSO Group and its parent company, Q Cyber, have a combined number of employees totaling between 350 and 380. About 50 of these employees work for Q Cyber.
The NSO Group describes Directs Finances
During the trial, Shohat answered questions about the company’s finances, some of which were revealed in deposits before the trial. These details have appeared in relation to how much the spyware manufacturer has to pay to whatsApp.
According to Shohat and the documents provided by the NSO group, the manufacturer Spyware lost $ 9 million in $ 2023 and $ 12 million in 2024. The company also revealed that it had $ 8.8 million in its bank account from $ 2023 and $ 5.1 million in the bank.
It was also revealed that Q Cyber had about $ 3.2 million in the bank in both 2023 and 2024.
During the trial, the NSO revealed the Research and Development Unit – responsible for finding vulnerabilities in the software and calculating how to exploit them – spent about $ 52 million on costs over 2023 and $ 59 million in 2024.
Factoring in these numbers, the spyware manufacturer hoped to get out of the payment of little or no damage.
“To be honest, I don’t think we are able to pay anything. We are struggling to hold our heads over the water,” Shohat said during his testimony. ‘We are committed to mine [chief financial officer] Just to prioritize expenses and ensure that we have enough money to meet our commitments and obviously on a weekly basis. ”
It was first published on May 10, 2025 and was informed in additional details.
