NSO Group was founded in 2010 and since then has been developing various legal malvari, which, along with exploits for various 0-days, it sells to governments and special services around the world. NSO Group was widely known in 2016-2017, when information security experts discovered the powerful spy tools Pegasus and Chrysaor, developed by the company and designed for iOS and Android.
Then the experts called the NSO Group nothing more than “cyber weapons dealers,” and the company, which did not even have a public website and always tried to stay in the background, was forced to issue an official statement. It stated that “the NSO’s mission is to make the world a safer place by delivering technologies to authorized government agencies that help them fight crime and terrorism.”
The cause of the lawsuit was WhatsApp's zero-day vulnerability, which Facebook claims was sold to the NSO Group, and then the company helped use the problem to attack human rights defenders, journalists, political dissidents, diplomats, and government officials. According to judicial documentsIn total, over 1100 people in Bahrain, the United Arab Emirates and Mexico were affected by the attacks in 11 days. Facebook already sent all affected special messages on WhatsApp.
Let me remind you that this 0-day problem became known in May of this year. Then edition Financial times claimed that the NSO Group developed an exploit for a problem that abused the functionality of WhatsApp VoIP calls. So, the victim received a call on WhatsApp, and specially created RTCP packages allowed the attacker to run malicious code on the device, which led to the installation of Pegasus (regardless of whether the victim used Android or iOS). As a result, Facebook developers were forced to release urgent updates and fixed the vulnerability, but then the company did not make any official statements, apart from the publication of several simple recommendations.
Now representatives of Facebook told reporters Washington Postthat they gathered enough evidence of the involvement of the NSO Group in this incident and considered it necessary to bring to court. So, the attacks turned out to be coupled with the servers and hosting services that had previously been associated with the NSO Group, and, in addition, some WhatsApp accounts used during the attacks were also tracked to an Israeli company.
The social network intends to hold NSO Group accountable, including under the law on computer fraud and abuse, proving that the company was associated with an active hacker campaign and is engaged not only in legal business.
Representatives of NSO Group have already responded to what is happening, said that they intend to deal with the allegations and once again assured the mediathat provide their technology only to licensed government, intelligence and law enforcement agencies to help those fight terrorism and crime. The company claims to comply with UN laws and recommendations, stopping any abuse of its products.