-
WhatsApp caught NSO Group launching fresh Pegasus spyware attacks on June 8, 2026, in direct violation of a standing federal court order.
-
NSO Group previously faced a $167 million damages verdict, a permanent platform ban, and a US government blacklist, yet continued operating.
-
The new attacks used phishing links and fake accounts to target Arabic-speaking users through domains themed around Gaza and the Muslim Brotherhood.
A federal court banned NSO Group from ever targeting WhatsApp users again. The US government banned the company. A jury handed down a $167 million damages verdict against them. None of it stopped them.
On June 8, 2026, WhatsApp caught NSO Group running fresh Pegasus spyware attacks. New phishing links. Also new fake accounts. New targets. Same spyware. Same company. The court order meant nothing.
Pegasus Returns Despite Court Ban
NSO Group first made global headlines in 2019, when WhatsApp discovered the company had compromised more than 1,400 of its users through Pegasus. The targets were not criminals. They included journalists, lawyers, activists, and dissidents, people whose work drew attention from powerful interests.
Pegasus is not ordinary malware. Once it lands on a device, it reads private messages, activates the microphone, activates the camera, and tracks the user’s physical location. The infected person typically has no idea anything is wrong. By the time anyone discovers the intrusion, the damage has already happened.
WhatsApp took NSO to court in the United States. A jury found NSO liable and awarded $167 million in damages. A federal court later reduced that figure to $4 million, but also issued a permanent injunction barring NSO from ever using WhatsApp’s systems to target users again. The US government then placed NSO on its trade banned in 2021, citing the company as a threat to national security.
NSO Group ignored all of it. WhatsApp confirmed the new attacks on June 8, 2026.
How the New Attacks Work
The latest campaign uses phishing techniques to reach its targets. NSO, or those operating its tools, set up fake accounts and crafted malicious links designed to deceive users into clicking. The attackers focused specifically on Arabic-speaking users, building domain names that referenced Gaza and the Muslim Brotherhood.
The framing is deliberate. Attackers build lures around topics their targets already follow closely. A journalist covering the Gaza conflict clicks a link about Gaza. An activist monitoring regional politics clicks on something that looks relevant. Pegasus does the rest.
This approach reflects a broader pattern in how state-linked spyware operates. The bait changes with each campaign. The underlying tool and the outcome stay the same.
As spyware threats evolve, European governments are taking matters into their own hands. Several countries are building their own messaging apps to reduce reliance on US platforms and improve security.
NSO Group operates under the oversight of Israel’s Ministry of Defense. According to multiple reports, Israeli authorities must approve every Pegasus sale and deployment. That structure places direct governmental accountability at the center of how and where the spyware gets used.
A Pattern Courts have Failed to Break
The June 2026 discovery puts the spotlight back on a problem that legal action alone has not solved. Courts can issue bans. Governments can issue a ban. Neither has stopped Pegasus from resurfacing.
WhatsApp won in court, but NSO continued operating. The company rebranded, restructured, and carried on selling surveillance tools to government clients around the world. The $4 million damages award barely registers as a consequence for a company whose tools reportedly sell for millions per deployment.
Spyware cases like this one follow a familiar cycle. A researcher or platform discovers an attack. The company behind it faces scrutiny. Investigations and lawsuits follow. Then, months or years later, the same tools surface again under new circumstances.
The targets of Pegasus have consistently included people the public relies on: journalists who report on governments, lawyers who challenge them, and activists who organize against them. Surveillance tools that reach into private communications do not stay contained to one group or one country.
The June 8 discovery shows that court orders and export controls, on their own, do not close that door. As long as tools like Pegasus remain available and deployable, the question is not whether they will appear again. It is who they will reach next.