The Supreme Court on Monday rejected an Israeli spyware maker’s bid to derail a high-profile lawsuit filed by the WhatsApp messaging service.
The justices left in place lower court rulings against the Israeli firm, NSO Group. WhatsApp claims that NSO targeted some 1,400 users of the encrypted messaging service with highly sophisticated spyware.
WhatsApp parent Facebook, now called Meta Platforms Inc., is trying to block NSO from Facebook platforms and servers and recover unspecified damages.
NSO argued that it should be recognized as a foreign government agent and therefore be entitled to immunity under U.S. law limiting lawsuits against foreign countries. The request appeals a pair of earlier federal court rulings that rejected similar arguments by the Israeli company.
The Biden administration recommended that the court turn away the appeal. The Justice Department wrote that “NSO plainly is not entitled to immunity here.”
NSO’s flagship product, Pegasus, allows operators to covertly infiltrate a target’s mobile phone, gaining access to messages and contacts, the camera and microphone and location history. Only government law enforcement agencies can purchase the product and all sales are approved by Israel’s Defense Ministry, NSO said. It does not identify its clients.
WhatsApp says at least 100 of the users connected to its lawsuit were journalists, rights activists and civil society members. Critics have said that NSO’s clients include Saudi Arabia, the United Arab Emirates, Jordan and Poland and that those countries have abused the system to snoop on critics and stifle dissent.
NSO said it has safeguards in place to prevent abuses, although the company also said it has no control over how its clients use the product.
The WhatsApp case is among a series of legal battles plaguing NSO. In a separate lawsuit, Apple says it aims to prevent NSO from breaking into products. It claimed Pegasus had affected a small number of iPhone users worldwide, calling NSO’s employees “amoral 21st century mercenaries.”
In November, journalists from an investigative news outlet in El Salvador also sued NSO in a U.S. court after Pegasus spyware was detected on their iPhones.
“NSO’s spyware has enabled cyberattacks targeting human rights activists, journalists, and government officials. We firmly believe that their operations violate U.S. law and they must be held to account for their unlawful operations,” WhatsApp spokesperson Carl Woog said in a statement.
A lawyer for the journalists who sued also praised the court’s action. “Today’s decision clears the path for lawsuits brought by the tech companies, as well as for suits brought by journalists and human rights advocates who have been victims of spyware attacks,” Carrie DeCell, senior staff attorney at the Knight First Amendment Institute at Columbia University, said in a statement.
In its own statement, NSO said: “We are confident that the court will determine that the use of Pegasus by its customers was legal.”
NSO also has been blacklisted by the U.S. Commerce Department, limiting its access to U.S. technology. U.S. officials said the company’s products were complicit in “transnational repression.”
Related: Apple Slaps Lawsuit on NSO Group Over Pegasus iOS Exploitation
Related: US Puts New Controls on Israeli Spyware Company NSO Group
Related: Apple Ships Urgent Patch for FORCEDENTRY Zero-Days
Related: Apple Confirms New Zero-Day Attacks on Older iPhones

More from Associated Press
- US Infiltrates Big Ransomware Gang: ‘We Hacked the Hackers’
- South Dakota’s Noem Says Cell Phone Number Hacked
- Learning to Lie: AI Tools Adept at Creating Disinformation
- Microsoft Invests Billions in ChatGPT-Maker OpenAI
- Mississippi Creates New Cyber Unit, Names 1st Director
- FBI Chief Says He’s ‘Deeply concerned’ by China’s AI Program
- Ransomware Shuts Hundreds of Yum Brands Restaurants in UK
- EU’s Breton Warns TikTok CEO: Comply With New Digital Rules
Latest News
- Critical Vulnerability Impacts Over 120 Lexmark Printers
- BIND Updates Patch High-Severity, Remotely Exploitable DoS Flaws
- Industry Reactions to Hive Ransomware Takedown: Feedback Friday
- Microsoft Urges Customers to Patch Exchange Servers
- Iranian APT Leaks Data From Saudi Arabia Government Under New Persona
- US Reiterates $10 Million Reward Offer After Disruption of Hive Ransomware
- Cyberattacks Target Websites of German Airports, Admin
- US Infiltrates Big Ransomware Gang: ‘We Hacked the Hackers’
