On 6 May, WhatsApp recorded a major win against the NSO group when a jury ordered the notorious spyware manufacturer to pay more than $ 167 million to the Meta -owned company.
The ruling concluded a legal battle for more than five years, which began in October 2019 when WhatsApp accused the NSO group of hacking more than 1,400 users by taking advantage of vulnerability in audio-wedding functionality of the chat app.
The verdict came after a week -long jury trial that included several testimony, including NSO Group CEO Yaron Shohat and WhatsApp employees who responded and investigated the incident.
Even before the test began, the case had revealed several revelations, in which the NSO group had cut off its 10 government customers to misuse their Pegasus Spaiware, 1,223 locations of the victims of spyware campaign and the three of the three of the Spiware Maker: Mexico, Saudi Arabia, and Uzbekistan.
Techcrunch read the court tapes over 1,000 pages of trial hearing. We have highlighted the most interesting facts and revelations below.
New testimony explained how WhatsApp attack worked
“Zero-clicical attacks, meaning that spyware needed a target, worked on the target,” WhatsApp lawyer Antonio Perez said during the trial, “a fake WhatsApp phone calls. “The lawyer explained that the NSO group called the” WhatsApp installation server “, which is a special machine designed to send malicious messages to the infrastructure of WhatsApp that mimics real messages.
“Once received, they would trigger the message user's phone to reach the third server and download the Pegasus Spaiware. They needed only one thing to do so,” said Perez.
Research and Development Vice President of NSO Group Tamir Gazeli testified that “any zero-click solution is an important milestone for Pegasus.”
The NSO admitted that after the case was filed, it kept targeting WhatsApp users
According to NSO Group's Research and Development Vice President Tamir Gazeli, after the spyware attack, WhatsApp filed its case against the NSO Group in November 2019. Despite the active legal challenge, the spyware manufacturer targeted users of the chat app.
Gazeli stated that “Eleed,”, was used from the end of 2019 to May 2020 for one of the WhatsApp Zero-click vector versions. Other versions were called “Eden” and “heaven” and all three were collectively known as “Humingbird”.
The NSO confirmed that it targets an American phone number as a test for the FBI
Contact us
Do you have more information about NSO group, or other spyware companies? From a non-functioning device and network, you can safely contact the Lorenzo francici-bichai via +1 917 257 1382, or telegram and kebase @lorenzofb, or via email.
Over the years, the NSO group has claimed that its spyware cannot be used against the American phone numbers, which means any cell number which starts with the +1 country code.
In 2022, the New York Times first reported that the company “attacked” on the US phone, but it was part of a test for FBI.
The NSO Group's lawyer Joe Acharotyriankis confirmed that the “single exception” for Pegasus is not able to target the +1 number “was a particularly configured version of Pegasus used in the performance of potential American government customers.”
The FBI allegedly selected Pegasus not to deploy after its test.
How to use NSO government customers Pegasus
NSO CEO Shoht reported that the user interface of Pegasus for its government customers does not provide an option to choose which hacking method or technology they use to use against those goals, “Because customers do not care about which vector they use, until they get intelligence information.
In other words, it is the pegasus system in the backnd which chooses the hacking technique known as an exploitation every time to target a person.
NSO says it employs hundreds of people
Shohat revealed a small but remarkable expansion: NSO Group and its original company, Q Cyber, have a combined number of total employees between 350 and 380. About 50 of these employees work for Q Cyber.
NSO headquarters shares the same building as Apple
In a strange coincidence, the headquarters of the NSO Group in Hurzlia, Tel Aviv in Israel, is in the building similar to Apple, whose iPhone customers are often targeted by NSO's Pegasus Spyware. Shohat said that NSO occupies the top five floors and apples occupy the remaining part of the 14-mangila building.
“We share the same lift when we go up,” Shohat said during the testimony.
The fact is that the headquarters of the NSO group is openly advertised, somewhat interesting in itself. Other companies that develop spyware or zero-day like Barcelona-based variant, which were closed in February, were located at a co-functioning place claiming to be located elsewhere on their official website.
The cost of Pegasus spyware is millions to European customers
During its testimony, an employee of an NSO group revealed that the company accused European customers of reaching their pegasus spyware between 2018 and 2020, saying that the “standard price” is $ 7 million, as well as an additional $ 1 million for “secret vector” either.
These new details were included in a court document without full reference to testimony, but it is an idea of how much the cost of governments paying advanced spyware like Pegasus. While not clearly defined, “secret vectors” probably refer to stolen techniques used to apply spyware on target phones, such as zero-click exploitation, where a Pegasus operator does not need to be interacted with the message or clicking on the link to hack with the message to the victim.
Spyware and zero-day prices can vary depending on many factors: customers, given that some spyware manufacturers charge more while selling countries such as Saudi Arabia or United Arab Emirates, for example; The number of concurrent goals that customers can spy at any time; And feature add-on, such as zero-click capabilities.
All these factors can explain why an European customer would pay $ 7 million in 2019, while Saudi Arabia allegedly paid $ 55 million and Mexico paid $ 61 million over a period of several years.
NSO describes a serious condition of finance
During the test, Shohat answered questions about the company's finance, some of which were done in the deposits before the test test. These details were introduced in the regard that the spyware manufacturer should pay to WhatsApp.
According to the discord and documents provided by the NSO group, the spyware manufacturer lost $ 9 million in 2023 and $ 12 million in 2024. The company also revealed that it has $ 8.8 million in its bank account as 2023 and $ 5.1 million in the bank as 2024.
In addition, it was discovered that Q Cyber had about $ 3.2 million in the bank in both 2023 and 2024.
During the test, the NSO revealed its research and development unit – responsible for finding weaknesses in the software and spent some $ 52 million in expenses during 2023 and $ 59 million in 2024 during 2023. Shohat also said that NSO group customers pay for their pegasus spyware between $ 3 million and “ten times” in “somewhere” range.
Factoring in these numbers, spyware manufacturer was expecting very little or any loss to go away.
“To be honest, I don't think we are able to pay anything. We are struggling to keep our heads above the water,” Shohat said during his testimony. “We are committed to ourselves [chief financial officer] Just to prioritize expenses and ensure that we have enough money to meet our commitments, and obviously on a weekly basis. ,
The first was published on 10 May 2025 and updated with additional details.