Red Hot Cyber

Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.
WhatsApp wins $167 million lawsuit against NSO and its Pegasus spyware

Redazione RHC : 1 September 2025 09:37

A major legal breakthrough is upon us. A US court has ordered NSO Group, a notorious spyware maker, to pay $167 million to WhatsApp. This ruling stems from a 2019 hacking campaign in which over 1,400 WhatsApp users were compromised using NSO’s Pegasus spyware.

The lawsuit was filed by WhatsApp, which alleged violations of federal and state hacking laws, as well as violations of its terms of service. WhatsApp has confirmed it has fixed security vulnerabilities in its iOS and Mac apps that were exploited in these targeted espionage campaigns.

According to WhatsApp, the bug allowed hackers to secretly infiltrate the devices of a group of users, with fewer than 200 victims. The offending vulnerability is CVE-2025-55177, which has been fully fixed. Apple had already fixed a related vulnerability (CVE-2025-43300) that was exploited in parallel during the same campaign.

Meta (WhatsApp’s parent company) described it as a highly sophisticated attack, targeting only specific individuals. According to Mr. Donncha Ó Cearbhaill, Director of Amnesty International’s Security Lab (London, UK), the espionage campaign lasted approximately 90 days, starting at the end of May, using advanced spyware and “zero-click” techniques.

This means that devices were infected without the user having performed any action (zero-click). Through WhatsApp, attackers can steal data from the iPhone, including messages and other sensitive information. WhatsApp said it sent alerts directly to affected users, declining to disclose the origins of the campaign.

Meta spokesperson Margarita Franklin confirmed that the number of victims is less than 200 and said that a patch was distributed a few weeks ago. This isn’t the first time WhatsApp has been targeted by espionage. In 2019, Pegasus software from NSO Group (Israel) penetrated over 1,400 devices via WhatsApp, prompting the company to file a lawsuit and receive a $167 million settlement from a US court.

More recently, earlier this year, the platform also thwarted another espionage campaign that targeted approximately 90 people, including journalists and civil society representatives in Italy. Security experts recommend users regularly update their applications and operating systems to reduce the risk of being exploited via serious vulnerabilities.

The latest incident demonstrates once again that popular messaging platforms, such as WhatsApp, remain a potential gateway for targeted cyber espionage campaigns.

Redazione
The editorial team of Red Hot Cyber consists of a group of individuals and anonymous sources who actively collaborate to provide early information and news on cybersecurity and computing in general.