Meta Files Contempt Order Against Israeli Spyware Firm NSO Group Over WhatsApp Attacks

Meta filed a motion for contempt in a U.S. district court in the Northern District of California on June 8, 2026, accusing NSO Group of violating a permanent injunction issued in the prior Meta v. NSO case that concluded in 2025. Court documents reviewed by Reuters state that Meta seeks further U.S. government action against the Israeli firm for continued targeting of WhatsApp users. The filing references the earlier $168 million judgment and the injunction that barred NSO from accessing WhatsApp servers or exploiting its users. As reported by the Jerusalem Post, the Herzliya-based spyware firm now faces renewed legal pressure in U.S. federal court. The contempt motion represents the most significant escalation in the legal battle since the original ruling, with Meta arguing that NSO's conduct demonstrates a willful disregard for court authority that requires stronger enforcement measures.

The Contempt Filing and the $168 Million Precedent

According to court filings reviewed by Reuters, Meta argued that NSO Group never ceased operations against WhatsApp after the 2025 permanent injunction. The injunction explicitly prohibited NSO from any further access to WhatsApp accounts or servers following the $168 million Pegasus spyware ruling. Meta's new motion claims the Israeli firm resumed prohibited activities through new technical methods that circumvented prior detection systems.

The New York Times reported on June 8 that the prior lawsuit established NSO's liability for deploying Pegasus spyware against WhatsApp users worldwide. That ruling included both monetary damages and the permanent injunction that remains in force. Meta's contempt filing asserts that NSO's post-injunction conduct directly contravenes those terms. The court found in 2025 that NSO had exploited WhatsApp's infrastructure to deliver surveillance software to over 1,400 devices globally.

Benzinga noted that Meta is requesting additional sanctions and enforcement measures from U.S. authorities beyond the existing court order. The filing emphasizes that NSO's actions demonstrate a pattern of disregard for U.S. judicial decisions. Court records show Meta presented evidence of ongoing targeting attempts after the injunction took effect, including specific timestamps and IP addresses linked to NSO infrastructure.

The Jerusalem Post reported that NSO Group is headquartered in Herzliya, north of Tel Aviv, and develops cyber intelligence tools including the Pegasus platform. The contempt motion places the company's activities under renewed scrutiny in U.S. federal court. Meta's legal team cited specific instances of continued WhatsApp exploitation attempts as clear violations of the 2025 order. The filing requests that the court hold NSO in contempt and impose additional remedies including expanded monitoring requirements.

How WhatsApp Blocked the Spear-Phishing Campaign

Meta stated in a court submission that its WhatsApp security team detected and blocked spear-phishing attacks before any devices were compromised. The attacks used one-click links sent to users in Jordan and Lebanon. According to the filing reviewed by Reuters, these attempts occurred after the permanent injunction was already active and represented new violations of the court order. Meta described the blocking operation as a coordinated effort that neutralized the threat before any user data could be intercepted or devices infected.

The New York Times reported on June 8 that NSO employed a new variant of its exploitation technique aimed at bypassing prior WhatsApp defenses. WhatsApp engineers identified the malicious links and prevented payload delivery. Meta documented these incidents as evidence that NSO continued targeting despite the explicit court prohibition. The security team preserved forensic data including network logs and message metadata for the contempt proceeding.

CryptoBriefing cited Meta's argument that the one-click attacks represented a direct breach of the injunction's terms. These attacks involved sending links that appeared legitimate but redirected to malicious infrastructure controlled by NSO. No user devices were reported infected as a result of the blocked campaign. The company maintained that the sophistication of the new techniques indicated deliberate circumvention rather than accidental contact.

TheNextWeb reported that Meta presented logs showing repeated targeting of WhatsApp accounts in Jordan and Lebanon. The company asserted that these efforts violated the explicit bar on accessing or exploiting WhatsApp infrastructure. WhatsApp's security team published technical details of the blocking methods, demonstrating how they identified and neutralized the phishing links before they could compromise target devices.

Israel's Regulatory Framework for Cyber Exports

The Israeli Defense Ministry grants export licenses for cyber products under the Defense Export Control Law through its SIBAT unit. According to statements reviewed by Reuters, all Pegasus-related exports require prior approval from this process. NSO Group operates within this licensing system for its international sales to government clients. The Defense Export Control Law establishes SIBAT's authority to review and approve or deny transactions involving defense technologies.

The Jerusalem Post reported that SIBAT reviews applications to ensure compliance with Israeli national security and foreign policy guidelines. The framework requires ongoing oversight of licensed cyber firms and maintains authority to revoke or condition export permits based on end-use concerns. The contempt motion does not allege any change in NSO's licensing status but focuses specifically on post-injunction conduct targeting WhatsApp users.

The U.S. Commerce Department blacklisted NSO in November 2021, according to records cited by Reuters. This action restricted the firm's access to U.S. technology and components. The combination of Israeli export controls and U.S. sanctions creates a dual regulatory environment that NSO must navigate for its operations. The contempt filing highlights the gap between licensed activities under Israeli law and the specific conduct alleged in the U.S. court action.

Benzinga noted that the regulatory framework has faced increasing scrutiny as legal cases against Israeli cyber firms mount. Other Israeli surveillance companies operating in the same space watch the case closely because a contempt finding could affect their own access to U.S. markets. The Israeli Ministry of Defense has not issued a public statement on the Meta filing as of this week.

Diplomatic and Market Fallout

The contempt proceeding arrives at a sensitive point in U.S.-Israel relations regarding cyber tools. Meta's filing explicitly calls for additional government measures beyond the existing Commerce Department blacklist. The New York Times reported on June 8 that NSO has faced prior allegations of targeting journalists, including associates of Jamal Khashoggi, as well as activists and human rights defenders across multiple countries.

Pegasus spyware enables remote access to messages, calls, and camera functions on smartphones. These prior reports form part of the context for the current U.S. court proceedings. The combination of the 2021 blacklisting and the 2025 $168 million judgment has already affected NSO's commercial relationships. Meta's new motion seeks to extend those consequences through further enforcement measures.

The case also affects Israel's broader tech sector reputation. Israeli cyber firms based in Herzliya, Tel Aviv, and the surrounding areas have long contributed to the country's defense capabilities and export economy. The Startup Nation brand faces challenges when Israeli cyber products become subjects of international legal disputes. The Jerusalem Post reported that NSO remains subject to both Israeli export controls and U.S. sanctions, creating a complex compliance environment that other Israeli cyber firms must also navigate.

The contempt proceeding could prompt additional diplomatic discussions between Jerusalem and Washington. Meta's filing requests coordinated action to address the alleged ongoing violations. Previous Israeli governments have defended the export licensing system as robust while acknowledging the diplomatic challenges posed by controversial sales. The Knesset's Foreign Affairs and Defense Committee has in the past held hearings on cyber export oversight, and this case may renew those discussions at the parliamentary level. Israeli officials have not commented publicly on the Meta filing, but the Ministry of Defense in Jerusalem is expected to review the allegations as part of its ongoing monitoring of licensed firms.

What Happens Next

According to court filings reviewed by Reuters, the Northern District of California will schedule hearings on Meta's contempt motion. NSO Group will have the opportunity to respond to the allegations of injunction violations. The court may consider additional sanctions including financial penalties, expanded compliance reporting requirements, or criminal referrals to U.S. enforcement agencies.

The New York Times reported on June 8 that Meta is urging federal authorities to impose further restrictions on NSO beyond the existing Commerce Department blacklist. Potential outcomes include expanded sanctions or referrals to the Department of Justice. The contempt proceeding operates separately from any parallel regulatory actions by U.S. government agencies, meaning NSO could face multiple simultaneous legal challenges.

Benzinga noted that the case could establish new precedents for enforcing injunctions against foreign cyber firms operating across international jurisdictions. Meta's legal team has indicated it will present additional technical evidence during the hearings regarding the forensic analysis of the phishing campaign. NSO has not yet filed its formal response in the public docket as of this report, though the company is expected to contest the allegations.

TheNextWeb reported that the court process will determine whether NSO faces stricter operational limits or additional monetary penalties. Meta continues active monitoring for further targeting attempts while the motion is pending. The June 8 filing represents the latest escalation in the ongoing legal dispute between the two companies, with implications that extend beyond this single case to the broader regulation of commercial spyware and the international enforcement of technology-related court orders.

By Hannah Berg, Staff Writer