Today, Facebook filed a lawsuit in the US against NSO Group, an Israeli company that sells spyware products. The social media giant claims that the NSO Group sold and was directly involved in the deployment of a zero-day WhatsApp to more than 1,400 users.
A Financial Times report claimed that the NSO Group had developed an exploit that exploited a bug in WhatsApp’s VoIP call system.
Targets would get a WhatsApp call, but specially crafted RTCP packets allowed an attacker to run malicious code that installed the Pegasus spyware kit by NSO Group on targeted devices-regardless of whether they were running Android or iPhones.
Facebook completes the investigation, file complaint “Now, after months of investigation, we can say who was behind this attack,” said Will Cathcart, Head of WhatsApp in Facebook, in an op-ed on the Washington Post.
“When we collected the details we received in our complaint, we found that the attackers used servers and Internet hosting services that had previously been connected to NSO.” In fact, when our complaint states, we linked some of the WhatsApp accounts used during the attacks back to NSO. While their attack was very sophisticated, their attempts to cover their tracks were not entirely successful, "said Cathcart.
WhatsApp zero-day use on 1,400 phones According to court documents, the attack targeted more than 1,400 devices belonging to lawyers, reporters, human rights activists, political dissidents, diplomats and other senior foreign government officials.
On the FAQ page published today on the WhatsApp website, Facebook said it sent “a special WhatsApp message” to alert all phone owners of the May attacks.