NSO Group
from Wikipedia

NSO Group Technologies Limited (NSO standing for Niv, Shalev, and Omri, the names of the company's founders) is an Israeli cyber-intelligence firm primarily known for its proprietary spyware Pegasus, which is capable of remote zero-click surveillance of smartphones.[3] It employed almost 500 people as of 2017.[2][4][5]

NSO claims that it provides authorized governments with technology that helps them combat terror and crime.[6][7] The company says that it deals with government clients only.[8] Pegasus spyware is classified as a weapon by Israel and any export of the technology must be approved by the government.[9]

According to several reports, NSO Group spyware has been used to target human rights activists and journalists in various countries,[10][11][12] was used for state espionage against Pakistan,[13] for warrantless domestic surveillance of Israeli citizens by Israeli police,[14] and played a role in the murder of Saudi dissident Jamal Khashoggi by agents of the Saudi government.[15]

In 2019, instant messaging company WhatsApp and its parent company Meta Platforms (then known as Facebook) sued NSO under the United States Computer Fraud and Abuse Act.[6][7] In 2021, Apple filed a lawsuit against NSO in the U.S.,[16] and the US included NSO Group in its Entity List for acting against U.S. national security and foreign policy interests, effectively banning U.S. companies from supplying NSO.[17]

Corporate profile

Overview

NSO Group is a subsidiary of the Q Cyber Technologies group of companies.[7] Q Cyber Technologies is the name the NSO Group uses in Israel, but the company goes by OSY Technologies in Luxembourg, and in North America, a subsidiary formerly known as Westbridge. It has operated through various other companies around the world.[18]

Founding

NSO Group was founded in 2010 by Niv Karmi, Shalev Hulio, and Omri Lavie.[19][20][21] Hulio and Lavie were school friends who went into the technology start-up sector during the mid-2000s. The pair founded a company, CommuniTake, which offered a tool that let cellphone tech support workers access customers' devices (though the customer had to grant permission to enable access). After a European intelligence agency expressed interest in the product, the pair realised they could instead develop a tool that could gain access to phones without user authorisation, and market it to security and intelligence agencies. Karmi, who served in military intelligence and the Mossad, was brought on board to help market the tool with the help of his contacts. The first iteration of NSO's Pegasus spyware was finalised in 2011.[8]

Operations

NSO Group has come to employ over 700 personnel globally. Almost all of NSO's research team is made up of former Israeli military intelligence personnel, most of them having served in Israel's Military Intelligence Directorate, and many of these in its Unit 8200. The company's most valuable staff are graduates of the military intelligence's highly selective advanced cyberweapons training programs. NSO seeks to uncover a surfeit of zero-day exploits in target devices to ensure smooth continuous access even as some of the security vulnerabilities exploited by NSO are inevitably discovered and patched, with labs in the company's Herzliya headquarters featuring racks stacked with phones being tested against new exploits.[8]

Relationship with the Israeli state

Pegasus spyware is classified as a military export by Israel and its sale is controlled by the government.[9] According to The New York Times, "Israel's government has long seen Pegasus as a critical tool for its foreign policy"[22] and "[...] has treated NSO as a de facto arm of the state, granting licenses for Pegasus to numerous countries [...] with which the Israeli government hoped to nurture stronger security and diplomatic ties."[23] Israel has used the sale of NSO products as a diplomatic bargaining chip to advance its foreign policy interests, and has limited their sale to,[8][22] or their use against, certain states in order to maintain good relations with certain states.[8] Israel has faced criticism for approving the sale of NSO technologies to countries with poor human rights records.[24] U.S. intelligence officials have also said the Israeli state presumably has backdoor access to data obtained by Pegasus. NSO denies being "a tool of Israeli diplomacy", and denies the presence of a backdoor in its spyware tools.[25]

Israel, wary of angering the U.S. in the wake of the Snowden revelations, required NSO to prevent Pegasus from targeting American phone numbers. Israel has used Pegasus to advance its interests in the region, with Pegasus playing a role in negotiating the Abraham Accords. A New York Times investigation highlighted several instances in which the sale of Pegasus to a particular government coincided with that government's increased support of Israel.[8] Israel has used Pegasus sales in its diplomatic efforts to forge a united front against Iran, thus clearing the sale of the spyware to Azerbaijan, Morocco, the UAE, and Saudi Arabia.[26]

The Israeli government blocked the sale of Pegasus to Estonia and Ukraine for fear that Israel's relations with Russia would be damaged if the spyware was used against Russia. Israel initially authorised the export of Pegasus to Estonia (which made a $30 million down payment to obtain the system), but after a senior Russian official approached Israeli security agencies and informed them that Russia had learned of Estonia's attempts to obtain Pegasus, the Israeli Ministry of Defense decided to disallow Estonia from using Pegasus against any Russian phone numbers following a heated debate on the issue among Israeli officials, and subsequently blocked the sale.[22]

Corporate history

The company's start-up funding came from a group of investors headed by Eddy Shalev, a partner in venture capital fund Genesis Partners which invested a total of $1.8 million for a 30% stake.[27][19]

In 2013, NSO's annual revenues were around US$40 million.[19][28]

In 2014, the U.S.-based private equity firm Francisco Partners bought the company for $130 million.[29]

In 2014, the surveillance firm Circles (which produces a phone geolocation tool) was acquired by Francisco Partners for $130 million, and thus became a corporate affiliate of NSO's.[30]

In 2015, Francisco was seeking to sell the company for up to $1 billion.[28]

Annual revenues were around $150 million in 2015.[19][28]

In June 2017, the company was put up for sale for more than $1 billion by Francisco Partners (roughly ten times what Francisco originally paid to acquire it in 2014).[4] At the time it was put up for sale, NSO had almost 500 employees (up from around 50 in 2014).[4]

On February 14, 2019, Francisco Partners sold a majority (60%) stake of NSO back to co-founders Shalev Hulio and Omri Lavie, who were supported in the purchase by European private equity fund Novalpina Capital[31] which specialises in investments in controversial companies.[26] Hulio and Lavie invested $100 million, with Novalpina acquiring the remaining portion of the majority stake, thus valuing the company at approximately $1 billion.[32] The day after the acquisition, Novalpina attempted to address the concerns raised by Citizen Lab with a letter, stating their belief that NSO operates with sufficient integrity and caution.[33]

In July 2021, investors in Novalpina Capital stripped Novalpina Capital of control over its assets (including NSO) after an unresolved personal dispute amongst the co-founders of Novalpina Capital.[34] Berkeley Research Group (BRG), a California-based consultancy firm, was subsequently handed control over the assets (including NSO).[35]

By the time of BRG's takeover, NSO Group was in perilous financial straits, having gone months without a new sale and at risk of missing its debt payments and its November 2021 payroll payments. NSO CEO Shalev Hulio suggested to BRG that the company should improve its financial standing by starting to sell its products to high-risk customers previously deemed unacceptable, responding to objections by joking that missing debt payments was risky too. BRG was categorically opposed to the suggestion[35] despite acknowledging that selling to high-risk customers was the only realistic way of maintaining NSO's business operations.[36] Hulio proposed increasing sales to Israel's western allies (including U.S. law enforcement, the most lucrative prospective market), but the November 2021 U.S. blacklisting of NSO subsequently ended the company's prospects of breaking into the U.S. market (Hulio then devised a plan to split up the company in order to circumvent the U.S. sanctions). According to the Financial Times, NSO also seemed to have been abandoned by the previously doting Israeli government due to a proliferation of Israeli companies offering comparable technologies (including some established by former NSO employees).[35] In a court filing, BRG described NSO as "valueless" to its private equity backers;[37] in December 2021, a group of NSO creditors described NSO as insolvent in a letter to NSO's majority shareholders.[36]

Two of the ousted co-founders attempted to reclaim control over Novalpina Capital's assets by filing a lawsuit in Luxembourg, with a U.K. court allowing the case to proceed to trial in April 2022.[38] In an April 2022 letter, BRG told an EU committee investigating abuse of NSO's products that NSO's management has not been forthcoming in providing information about its business operations, including on the issue of the company's blacklisting in the U.S.[37]

In the months after the November 2021 blacklisting of NSO by the U.S. Department of Commerce that resulted in a U.S. export ban for the company, and amid a campaign by the Israeli government to find a way to prevent the floundering NSO from going under, the U.S. Commerce Department sent a list of questions to NSO about how its spyware products operate. In 2022, L3Harris Technologies, a U.S. military contractor with experience in the spyware technology sector, was conducting talks on the possibility of acquiring NSO.[23] L3Harris sought to acquire NSO's technology and code with the acquisition of the company's employees discussed as well.[24] L3Harris executives travelled to Israel to conduct the talks which were not disclosed to the public. L3Harris reportedly told their NSO counterparts that they had the blessing and backing of the U.S. government and U.S. intelligence in pursuing the acquisition as long as the Pegasus source code and the cache of zero-day vulnerabilities uncovered by NSO could be passed on to the other intelligence agencies of the Five Eyes. The Israeli authorities were reportedly willing to fulfill the latter and reluctant to comply with the former, and also insisted that Israel ultimately retain control over issuing export licences for NSO's products. The Israeli authorities were also opposed to allowing L3Harris' employees to join NSO's development team in NSO's Israeli headquarters. The talks were revealed to the public by the press in June 2022, resulting in a scramble by the parties involved, with White House officials publicly condemning the negotiation in harsh terms, and L3Harris (which is heavily reliant on government contracts) reportedly notifying the U.S. government that they had abandoned the acquisition attempt. There were reportedly attempts to revive the negotiations in the weeks after the preceding negotiations were revealed by the press.
An acquisition by a U.S.-based corporation could have lifted the blacklisting of NSO by the U.S. which had barred NSO from receiving exports from U.S. companies, hindering NSO's operations.[23] Experts consulted by The Guardian said that due to the blacklisting of NSO Group, a new corporate entity would likely have had to be created before the U.S. government would allow the acquisition. A senior White House official commented anonymously for the article that made the secret acquisition negotiations public, stating that the White House had not been in any way involved in the deal, further stating that the U.S. government "opposes efforts by foreign companies to circumvent US export control measures or sanctions [...]".[24]

In August 2022, Hulio stepped down from his post as CEO, with the company's COO Yaron Shohat temporarily assuming the role until a full-time replacement was to be named.[39] Hulio's resignation from his post as CEO came amid a restructuring of the company as it attempted to focus on pursuing clients among NATO member countries. The reorganisation also entailed a downsizing of NSO's workforce, with 100 employees (out of a total of 750 employees) being let go.[40]

In March 2023, it was reported that Omri Lavie had emerged in control of the company after multiple legal fights between NSO and a US financial firm called Treo, which previously controlled the equity fund that held a majority stake in the Israeli firm.[41]

In October 2025, NSO Group confirmed that a group of US-based investors, led by film producer Robert Simonds, had acquired a controlling interest in the company.[42] It was also reported that as part of the deal, which was valued in the tens of millions of dollars, co-founder Omri Lavie would be ending his relationship with the company.[42]

Foreign offices and export controls

In late 2020, Vice Media published an article in which it reported that NSO Group had closed the Cyprus-based offices of Circles, the company it had acquired in 2014. The article, based on interviews with two former employees, described the integration between the two companies as "awful" and stated that NSO would rely on Circles' Bulgarian office instead. According to Vice, this came just over a year after an activist group known as Access Now wrote to authorities in both Cyprus and Bulgaria, asking them to further scrutinise NSO exports.[43] Access Now had stated that they had received denials from both the Bulgarian and Cypriot authorities, with both countries stating that they had not provided export licenses to the NSO group.[44] Despite this, an article written by The Guardian during the 2021 Pegasus scandal quoted NSO Group as saying that it had been "regulated by the export control regimes of Israel, Cyprus and Bulgaria".[45] NSO's own "Transparency and Responsibility Report 2021", published about a month before the scandal, makes the same statement, adding that those were the three countries through which NSO exported its products.[46] Circles' Bulgarian office, in particular, was stated to have been founded as a "bogus phone company" in 2015 by Citizen Lab citing IntelligenceOnline, a part of Indigo Publications.[47] This report was reprinted by the Bulgarian investigation publication Bivol in December 2020, which appended it with public registry documents which indicated that the company's Bulgarian office had grown to employ up to 150 people and had received two loans worth about 275 million American dollars in 2017 from two offshore companies and a Swiss bank registered in the Cayman Islands.[48]

History

NSO was founded in 2010 by Niv Karmi, Omri Lavie, and Shalev Hulio.[19][20][21] In 2012, the Federal government of Mexico announced the signing of a $20 million contract with NSO.[19] It was later revealed by a New York Times investigation that NSO's product was used to target journalists and human rights activists in the country.[49]

NSO pitched its spyware to the Drug Enforcement Administration (DEA), which declined to purchase it due to its high cost.[50]

In 2015, the company sold surveillance technology to the government of Panama. The contract later became the subject of a Panamanian anti-corruption investigation following its disclosure in a leak of confidential information from Italian firm Hacking Team.[51]

In August 2016, NSO (through its U.S. subsidiary Westbridge) pitched its U.S. version of Pegasus to the San Diego Police Department (SDPD). In the marketing material, Westbridge emphasized that the company is U.S. based and majority owned by a U.S. parent company. An SDPD sergeant responded to the sales pitch with "sounds awesome". The SDPD declined to purchase the spyware as it was too expensive.[52]

Around 2016, NSO reportedly sold Pegasus software to Ghana.[53]

In June 2018, an Israeli court indicted a former employee of NSO for allegedly stealing a copy of Pegasus and attempting to sell it online for $50 million worth of cryptocurrency.[54]

In August 2018, the human rights group Amnesty International accused NSO of helping Saudi Arabia spy on a member of the organization's staff.[55]

In April 2019, NSO froze its deals with Saudi Arabia over a scandal alleging NSO software's role in tracking murdered journalist Jamal Khashoggi in the months before his death.[56]

In May 2019, messaging service WhatsApp alleged that a spyware injection exploit targeting its calling feature was developed by NSO.[57][58] WhatsApp stated that the exploit targeted 1,400 users in 20 countries, including "at least 100 human-rights defenders, journalists and other members of civil society".[59][60][61] NSO denied involvement in selecting or targeting victims, but did not explicitly deny creating the exploit.[58] In response to the alleged cyberattack, WhatsApp sued NSO.[62]

In June 2019, NSO began setting up a test facility in New Jersey for the FBI, which had procured NSO's services, and began testing a version of Pegasus developed for U.S. government agencies to be used on U.S. phones. After two years of deliberations in the FBI and Department of Justice, the FBI decided not to deploy the tools for domestic use in the summer of 2021, with the New Jersey facility lying dormant as of early 2022. The DEA, Secret Service, and United States Africa Command had also held discussions with NSO, which however did not proceed beyond that stage.[8]

In April 2020, Motherboard reported on an incident that occurred several years prior in which an NSO employee used a client's Pegasus tool to spy on a love interest (a female personal acquaintance) during a work trip to the UAE. The employee broke into the client's office outside of office hours to use the tool, prompting an alert and an investigation by the client. The employee was detained by authorities, and fired by NSO, Motherboard's sources said. Sources also told Motherboard that NSO leadership held a meeting to prevent similar incidents in the future, and subsequently adopted more rigorous screening of employees that interact with clients.[63]

In July 2020, Motherboard reported that the US branch of NSO was pitching its brand of Pegasus to the US Secret Service during 2018.[64]

In November 2021, the United States added the NSO Group to its Entity List, for acting "contrary to the foreign policy and national security interests of the US", effectively banning the sale of hardware and software to the company.[17] The listing deprived NSO of U.S. technology on which NSO relies, crippling its operations.[8][35] Israeli officials subsequently unsuccessfully attempted to get the blacklisting overturned,[23] and NSO reportedly tried and failed multiple times to meet with the U.S. Bureau of Industry and Security to attempt to obtain export waivers.[35]

In December 2021, 86 human rights organisations sent a joint letter calling on the EU to impose global sanctions against NSO Group and seek to "prohibit the sale, transfer, export and import of the Israeli company's surveillance technology" due to the risks NSO's technology poses for human rights globally.[65]

In January 2022, Calcalist published an investigatory piece detailing the widespread unlawful use of Pegasus by the Israeli Police.[66] Although the Israeli Police formally denied this, some senior police officials have hinted that the claims were true.[67] On February 1, the police admitted that there was, in fact, misuse of the software.[68] On February 7, a second Calcalist report revealed that the warrantless surveillance was very widespread, including that of politicians and government officials, heads of corporations, journalists, activists, and Avner Netanyahu, the son of then-Prime Minister, Benjamin Netanyahu.[69] After outcry and calls for a state commission of inquiry, including from the current police commissioner himself, the Minister of Public Security (the minister responsible for the police), Omer Bar-Lev, announced that he will be forming a commission of inquiry, to be chaired by a retired judge, and whose powers will basically be indistinguishable from a state commission.[70]

In September 2023, the Citizen Lab assessed with high confidence that an exploit of iOS 16.6 was being used to install Pegasus spyware on Apple devices without user interaction. Apple said that devices in Lockdown Mode were able to block the loophole and issued an update to fix the vulnerability.[71]

Products and services

Pegasus

NSO Group offers the smartphone spyware tool Pegasus to government clients for the exclusive intended purpose of combating crime and terrorism.[63] The first version of Pegasus was finalised in 2011.[8] Pegasus spyware is classified as a weapon by Israel and any export of the technology must be approved by the government.[9] The Israeli Ministry of Defense licenses the export of Pegasus to foreign governments, but not to private entities.[72]

Pegasus is compatible with iPhone and Android devices. It can be deployed remotely. Once deployed, it allows the client to access the target phone's data and sensors, including: location data, texts, emails, social media messages, files, camera, and microphone. The client-facing side of the tool is user friendly, and all that may be required (depending upon the case) of the client to begin deployment of Pegasus is to enter the target's phone number into the tool.[63]

Phantom

Phantom is a phone hacking product marketed by Westbridge, the United States branch of NSO Group. According to a former NSO employee, "Phantom" is the brand name for Pegasus in the U.S., but the two tools are otherwise identical.[64] Israel required NSO Group to program Pegasus so as not to be able to target US phone numbers. NSO then launched Phantom for the U.S. market for use on U.S. targets, receiving permission from Israel to develop it as a specialty tool for exclusive use by U.S. governmental agencies.[8]

Circles

In 2014, the surveillance firm Circles was acquired by Francisco Partners, becoming a corporate affiliate of NSO Group. Circles' product is a phone geolocation tool.[30] The firm has two systems. One operates by connecting to the purchasing country's local telecommunications companies’ infrastructure. The other separate system, known as the “Circles Cloud”, is capable of interconnecting with telecommunications companies across the globe.[73][74]

In December 2020, the Citizen Lab reported that the Supreme Council on National Security (SCNS) of the United Arab Emirates was set to receive both these systems. In a lawsuit filed against the NSO group in Israel, emails revealed links between Circles and several customers in the United Arab Emirates. Documents also revealed that Circles sent targets’ locations and phone records to the UAE SCNS. Aside from Israel and the UAE, the report named the governments of Australia, Belgium, Botswana, Chile, Denmark, Ecuador, El Salvador, Estonia, Equatorial Guinea, Guatemala, Honduras, Indonesia, Kenya, Malaysia, Mexico, Morocco, Nigeria, Peru, Serbia, Vietnam, Zambia, and Zimbabwe as likely customers of Circles surveillance technology.[73][74]

In September 2021, Forensic News published shipping records showing that in 2020 Circles supplied equipment to Uzbekistan's State Security Service (SGB).[75]

Criticism and controversies

Use of undercover private investigators to pursue critics

In October 2018, Associated Press reported that two Citizen Lab researchers were being pursued by undercover operatives with false identities. The undercover agents had been inquiring about their work involving NSO Group, and also appeared to be trying to goad the researchers into making anti-Semitic or otherwise damaging remarks. After growing suspicious, one researcher contacted AP reporters. Together, they managed to arrange a sting during a meeting with a suspected undercover operative at a hotel luncheon with AP journalists secretly awaiting nearby; after the journalists approached the operative to question him, the operative fled, bumping into chairs and circling the room as he tried to get away. There also appeared to be two additional undercover operatives in the room. The operative that met the researcher appeared to be filming the researcher with a hidden camera during the meeting, and one of the operatives standing nearby appeared to be recording the meeting as well. The operative was later identified as a former Israeli security official. Responding to the AP report, NSO denied any involvement. It was later also uncovered that the identified undercover agent had previously worked on a case linked to the Israeli private intelligence agency Black Cube; NSO Group subsequently denied contracting Black Cube, and Black Cube denied involvement as well.[76]

In February 2019, Associated Press reported that at least four more individuals - three lawyers involved in lawsuits against NSO Group for alleged sales of NSO spyware to governments with poor human rights records, and one journalist who had been covering said litigation - were being pursued by undercover operatives for their work on NSO. Undercover agents again tried to goad the individuals into making racist or anti-Israel remarks. Two of the individuals were surreptitiously recorded by the undercover operatives. Channel 12, an Israeli television channel, obtained and aired the secret recordings made by the undercover operatives shortly before the AP published the revelations.[77] Channel 12 claimed the two individuals were attempting to smear NSO Group on behalf of Qatar.[78] Channel 12 also confirmed that Black Cube undercover investigators were involved.[78][77]

WhatsApp lawsuit

In May 2019, messaging service WhatsApp alleged that a spyware injection exploit targeting its calling feature was developed by NSO.[57][58] Victims were exposed to the spyware payload even if they did not answer the call.[79] WhatsApp told the Financial Times that "the attack has all the hallmarks of a private company known to work with governments to deliver spyware that reportedly takes over the functions of mobile phone operating systems."[80] NSO denied involvement in selecting or targeting victims, but did not explicitly deny creating the exploit.[58] In response to the alleged cyberattack, WhatsApp sued NSO under the Computer Fraud and Abuse Act and other US laws in a San Francisco court on October 29.[62] WhatsApp stated that the exploit targeted 1,400 users in 20 countries, including "at least 100 human-rights defenders, journalists and other members of civil society".[59][60][61] WhatsApp alerted the 1,400 targeted users. In at least one case, the surveillance was authorized by a judge.[81]

NSO employees had complained to WhatsApp about improved security, according to the court filings by WhatsApp and its parent company Facebook:[82]

On or about May 13, 2019, Facebook publicly announced that it had investigated and identified a vulnerability involving the WhatsApp Service (CVE-2019-3568). WhatsApp and Facebook closed the vulnerability, contacted law enforcement, and advised users to update the WhatsApp app. Defendants subsequently complained that WhatsApp had closed the vulnerability. Specifically, NSO Employee 1 stated, "You just closed our biggest remote for cellular ... It's on the news all over the world."

In April 2020, NSO Group blamed its government clients for the hacking of 1,400 WhatsApp users, including journalists and human rights activists. However, the firm did not disclose the names of the clients which, as Citizen Lab stated, include authorities in Saudi Arabia, UAE, Bahrain, Kazakhstan, Morocco, and Mexico.[83] In court filings WhatsApp alleged that its investigation showed that the hacks originated from NSO Group servers rather than its clients'. WhatsApp said "NSO used a network of computers to monitor and update Pegasus after it was implanted on users' devices. These NSO-controlled computers served as the nerve centre through which NSO controlled its customers' operation and use of Pegasus." WhatsApp said that NSO gained "unauthorised access" to WhatsApp servers by reverse-engineering the WhatsApp app to be able to evade security features. NSO responded "NSO Group does not operate the Pegasus software for its clients".[84]

In July 2024, The Guardian reported that the Israeli government had seized documents from NSO's offices in July 2020 in an apparent effort to block the disclosure of information about Pegasus during the WhatsApp lawsuit.[85]

In December 2024, US District Judge Phyllis Hamilton found NSO liable for unlawfully exploiting a vulnerability in WhatsApp to install spyware on users' phones, and in May 2025 the jury in the case ruled that NSO owed Meta Platforms, the owner of WhatsApp, $168 million in damages;[86] Hamilton later reduced the amount owed to around $4 million.[87] In October 2025, a court in the United States mandated that the NSO Group cease the utilization of its spyware on WhatsApp, referencing direct and irreparable damage as the basis for this decision.[88][89]

Apple lawsuit

In November 2021, Apple Inc. filed a complaint against NSO Group and its parent company Q Cyber Technologies in the United States District Court for the Northern District of California about the FORCEDENTRY exploit used to deploy the Pegasus spyware package, requesting injunctive relief, compensatory damages, punitive damages, and disgorgement of profits.[16][90] The "zero-click" exploit was discovered by the Canadian Citizen Lab after Saudi activist Loujain al-Hathloul's iPhone was hacked. Technical information uncovered by Bill Marczak's team at the lab allowed Apple to warn thousands of its users, including U.S. State Department employees in Uganda. Researchers also discovered that spyware from QuaDream, another Israeli vendor, took advantage of the same vulnerability in iPhones.[91] Apple dropped the lawsuit in September 2024.[92][93]

from Grokipedia
NSO Group Technologies Ltd. is an Israeli cyber-intelligence firm founded in and headquartered in , that develops advanced software sold exclusively to vetted government agencies for lawful intelligence and operations aimed at preventing and investigating serious crimes. The company's flagship product, , is a sophisticated capable of remotely infiltrating mobile devices to extract data, often without user knowledge, and has been credited by NSO with aiding in the disruption of terror plots and criminal networks worldwide. Despite its stated commitment to ethical use and rigorous client vetting, NSO Group has encountered substantial controversies, including documented instances of its tools being deployed against journalists, activists, and government officials by authoritarian regimes, prompting lawsuits from entities such as and leading to the company's designation on the U.S. Department of Commerce's in November 2021 for supplying that enabled malicious activities contrary to U.S. interests.

Company Overview

Founding and Early Leadership

NSO Group was established in 2010 in Herzliya, Israel, by Shalev Hulio, Omri Lavie, and Niv Karmi, with the company's name derived from the initials of its founders. Hulio and Lavie, who had been high-school friends, initially developed technology focused on remotely accessing mobile phones, drawing on their prior experience in Israel's technology sector. Karmi, a former Mossad operative with intelligence and security expertise, joined as the third co-founder to provide necessary contacts for scaling the business, though he departed the company approximately one month after its inception. The founders were alumni of , the Israeli Defense Forces' elite unit, which has been a primary incubator for cybersecurity expertise in Israel's private sector. This background informed NSO's early emphasis on offensive cyber tools designed for government and clients to combat and , rather than defensive software. From its outset, the firm targeted zero-click exploits for mobile devices, positioning itself in the niche of technologies amid Israel's burgeoning export-oriented cyber industry. Shalev Hulio served as the primary early leader, assuming the role of CEO and steering the company's growth through initial product development and client acquisition. Under his direction, NSO rapidly expanded its workforce, leveraging Israel's ecosystem of military veterans to build a team specialized in deployment, with early revenues driven by sales to international agencies seeking advanced capabilities. The leadership's focus remained on export markets, adhering to Israel's defense export regulations while avoiding domestic sales.

Core Operations and Business Model

NSO Group's core operations revolve around the development and provision of sophisticated cyber-intelligence tools tailored for and data extraction from digital devices. The company engineers proprietary , such as , which exploits zero-click vulnerabilities to infiltrate smartphones, granting access to communications, location data, and other sensitive information without physical device access or user awareness. These capabilities are deployed to assist clients in monitoring targets associated with , , and threats to public safety, with NSO emphasizing lawful intelligence applications in its operational framework. The business model is predicated on exclusive licensing agreements with government intelligence and law enforcement agencies, excluding sales to private entities or non-state actors. Contracts typically include initial deployment, ongoing technical support, software updates, and maintenance services, with annual license fees reported to reach as high as $6.8 million depending on scale and targets. NSO conducts pre-sale vetting to assess client adherence to human rights standards and end-user commitments to restrict use against legitimate threats, claiming to have terminated access for at least 10 governments due to detected misuse. Revenue streams derive primarily from these subscriptions, supporting a workforce exceeding 700 employees as of 2018 and generating approximately $243 million in 2020, though financial opacity limits precise breakdowns. While NSO maintains that operational control of the resides with client agencies post-deployment, unsealed court documents from 2024 litigation reveal testimony indicating company personnel handle installation and data extraction in some instances, challenging the firm's assertions of arms-length client . This model has sustained growth amid regulatory scrutiny, with dozens of state clients worldwide, though U.S. designation since 2021 has curtailed American business dealings.

Ties to Israeli Government and Defense Sector

NSO Group was established in 2010 by Niv Carmi, Omri Lavie, and Shalev Hulio, all alumni of Israel's , an elite unit within the responsible for cyber and electronic warfare operations. The company's core technical staff, including nearly all members of its team, comprises veterans of Israeli military intelligence branches, such as the Aman (Military Intelligence Directorate), which has fostered a pipeline of expertise from defense service to private-sector cybersecurity firms. This personnel overlap reflects Israel's broader cyber ecosystem, where alumni have launched over 1,000 technology companies, embedding military-derived skills into commercial entities like NSO. NSO's products, including the Pegasus spyware, are categorized by Israel as military-grade weapons, subjecting all marketing, sales, and exports to mandatory approval by the Ministry of Defense's Defense Export Control Agency (DECA). These approvals involve vetting of end-users to align with Israeli national security priorities, with NSO required to obtain licenses for each transaction, ensuring government oversight of deployments often tied to counter-terrorism and intelligence objectives. In practice, this framework has enabled sales to foreign governments while maintaining Israeli regulatory control, as evidenced by DECA's role in evaluating Pegasus's use against targets like Palestinian activists, which media reports link to broader Israeli security interests. The Israeli government has demonstrated active involvement beyond licensing, including interventions in legal proceedings to safeguard NSO-related information; for instance, authorities seized documents in to obstruct their handover in a U.S. lawsuit over , prioritizing protection of sensitive details. Even amid international scrutiny, such as the 2021 U.S. of NSO, the firm remains under ongoing supervision by the Ministry of Defense and other Israeli agencies. This was underscored in October 2025, when NSO's prospective acquisition by U.S. 
investors necessitated DECA approval to transfer control of defense-regulated technology. These mechanisms highlight NSO's integration into Israel's defense export apparatus, where commercial development supports and extends state intelligence capabilities.

Historical Evolution

Inception and Initial Growth (2010s)

NSO Group Technologies was founded in 2010 in , , by Niv Carmi, Shalev Hulio, and Omri Lavie, with the company's name derived from the initials of its founders. The founders, who had backgrounds in technology and some prior ties to Israeli intelligence circles, established the firm to develop advanced cyber-intelligence tools targeted at government clients for and purposes. From its inception, NSO focused on exploitation, creating software capable of remotely accessing smartphones to extract data such as messages, calls, and location information without user awareness. The company's flagship product, Pegasus spyware, emerged in its initial form around 2011, enabling zero-click infections via sophisticated exploits that bypassed device security. NSO secured its first government client that same year, reportedly a Mexican agency seeking tools to monitor targeted individuals, marking the beginning of commercial deployments. This early success facilitated rapid expansion, with NSO renting modest office space initially but scaling operations as demand grew from law enforcement and intelligence agencies worldwide. By the mid-2010s, the firm had attracted investment from U.S.-based private equity group Francisco Partners, which supported further product development and international marketing efforts around 2014. Throughout the decade, NSO's growth was driven by its emphasis on offensive cyber capabilities tailored for counter-terrorism and criminal investigations, leading to contracts with dozens of governments. Employee numbers expanded significantly, reaching nearly 500 by , reflecting the company's maturation from a startup to a key player in the sector. Operations extended to at least 45 countries by , as evidenced by network scans identifying Pegasus-related servers, underscoring NSO's global footprint in intelligence-grade technology during its formative years.

Expansion and Key Milestones (2010s–2020)

During the early 2010s, NSO Group secured its first major international contract in 2012 with the Mexican federal government for $20 million, marking the initial commercialization of its technologies beyond . This deal facilitated expansion into and demonstrated the demand for NSO's tools among agencies combating and cartels. By 2013, the company's annual revenues had reached approximately $40 million, reflecting rapid scaling from its founding as a startup focused on mobile interception software. The 2014 acquisition of a 70% stake by U.S. private equity firm Francisco Partners for $130 million provided capital for product development and global marketing, leading to significant revenue and employee growth. This investment enabled enhancements to Pegasus spyware, including zero-click infection capabilities, which broadened adoption by intelligence agencies in Europe, the Middle East, and Africa. By the mid-2010s, NSO reported licensing its software to around 40 government clients worldwide, with tools deployed to monitor targets in counter-terrorism operations. A pivotal milestone occurred in when researchers at publicly identified in use against UAE human rights activist , highlighting the spyware's advanced exploit chains targeting and Android devices. This exposure, while drawing scrutiny, underscored NSO's technological edge and spurred further contracts, such as a $55 million deal with for intelligence support. By 2019, ownership transitioned back to co-founders Shalev Hulio and Omri Lavie, alongside Novalpina Capital, in a transaction valuing NSO at $1 billion, signaling matured market position amid expanding operations. Annual revenues climbed to $243 million by 2020, with employee numbers exceeding 300, primarily in .

Challenges, Restructuring, and Recent Acquisition (2020–2025)

In November 2021, the United States Department of Commerce added NSO Group to its Entity List, effectively blacklisting the company and restricting U.S. firms from providing it with technology or services, after determining that its spyware had been used in activities contrary to U.S. national security and foreign policy interests. This sanction followed revelations of Pegasus spyware deployments against U.S. diplomats, journalists, and dissidents by foreign governments, exacerbating NSO's reputational and operational challenges amid ongoing scrutiny from human rights organizations. The blacklisting contributed to financial strain, with NSO reporting months without new sales by 2023 and facing risks of defaulting on debt obligations, as revenues declined due to limited access to U.S.-sourced components and heightened global client vetting. NSO also encountered significant legal setbacks, most notably in a filed by Meta (owner of ) alleging unauthorized hacking of over 1,400 users' devices via WhatsApp servers between 2019 and 2020. In May 2025, a U.S. federal jury in found NSO liable and awarded WhatsApp $167 million in damages for breaching server security and violating user privacy. NSO contested the verdict, arguing the damages were excessive and unconstitutional, but in October 2025, the presiding judge upheld liability, issued a permanent barring NSO from further targeting WhatsApp users, and reduced to $4 million while affirming statutory damages. These proceedings highlighted NSO's operational tactics, including zero-click exploits, but imposed millions in legal costs amid the company's broader defense against multiple suits alleging misuse. Facing these pressures, NSO underwent starting in 2023, including a forced ownership change driven by lenders after the eroded its financial position. Cofounder Lavie assumed control through Luxembourg-based Dufresne Holdings, marking a shift from prior Israeli ownership structures. 
transitioned as CEO Shalev Hulio stepped down, with COO Yaron Shohat appointed to lead operations; the company downsized its workforce by approximately 100 employees to streamline costs and refocus on sales to NATO-aligned governments. NSO intensified efforts, including post-2023 Israel-Hamas conflict outreach to U.S. officials, to seek removal from the Entity List, though these bids were rebuffed by the Biden administration citing persistent risks. In October 2025, NSO confirmed its acquisition by a U.S. investment group led by Hollywood producer Robert Simonds, founder of STX Entertainment, transferring controlling interest out of Israeli hands and potentially aiming to rehabilitate its U.S. relations amid ongoing blacklist status. The deal, reportedly structured through U.S.-based entities, follows NSO's prior ownership turbulence and reflects investor interest in its cyber-intelligence assets despite regulatory hurdles, though it raises questions about compliance with Entity List restrictions on blacklisted firms. This shift occurs as NSO continues to assert that its tools aid legitimate intelligence needs, while critics warn of risks in altered oversight under new American stewardship.

Technologies and Products

Pegasus Spyware: Development and Core Functionality

Pegasus spyware was developed by NSO Group Technologies, an Israeli cyber-intelligence firm founded in 2010, with its first version finalized and licensed to clients starting in 2011. The software originated from exploits targeting mobile operating systems, initially requiring user interaction such as clicking malicious links delivered via SMS or messaging apps to install the payload. Over subsequent years, NSO iterated on Pegasus, advancing from these "one-click" methods to sophisticated zero-click vulnerabilities that enable infection without any user action, exploiting flaws in protocols like iMessage on iOS devices or WhatsApp on Android. At its core, Pegasus operates as a modular surveillance tool designed for remote installation on and Android smartphones, granting operators comprehensive access to device data and functions. Once deployed, it employs process hooking to monitor system activities, intercepts communications including , emails, and encrypted messages from apps like and Telegram, and extracts contacts, photos, files, passwords, and call logs. The spyware facilitates real-time location tracking via GPS, for capturing inputs, and remote activation of the and camera to record audio and video without indicators. Pegasus communicates with command-and-control servers using encrypted channels, often masquerading as benign traffic, and includes self-destruct mechanisms to erase traces upon detection or command. It supports over-the-air updates via or other vectors, allowing NSO to patch exploits or add modules dynamically, which has enabled its adaptation to security patches from Apple and . Technical analyses indicate the spyware's efficiency in , compressing and uploading payloads stealthily to avoid bandwidth detection, with capabilities persisting even after reboots through kernel-level persistence in early variants.

Complementary Tools: Phantom and Circles

Phantom is a surveillance tool developed by NSO Group, enabling law enforcement and intelligence agencies to intercept communications, geolocate targets, and access content from encrypted messaging applications such as WhatsApp, Telegram, and Signal without requiring physical proximity to the device or forensic extraction. The tool operates remotely, targeting vulnerabilities in smartphones to facilitate real-time intelligence collection, and has achieved Maturity Level 10 status, indicating full production readiness. In 2016, an NSO-affiliated entity, Westbridge Technologies, pitched Phantom to the San Diego Police Department as a cellphone hacking service. By 2018, similar pitches were made to the U.S. Secret Service through intermediaries, emphasizing its capabilities for overcoming encryption barriers in operational scenarios. Circles, a Bulgaria-founded surveillance firm established in 2008 and later acquired by in 2014 before becoming a corporate affiliate of NSO Group, specializes in network-based tools that exploit vulnerabilities in the SS7 signaling protocol of global mobile networks. Its primary products include on-premises systems and the "Circles Cloud" platform, which allow clients to monitor calls, text messages, and location data without infecting target devices, making it particularly effective against users across international networks. Unlike device-centric , Circles leverages the inherent lack of in SS7 to reroute communications and track movements in real time, serving as a complementary method for broad-spectrum sold exclusively to nation-state actors. These tools augment NSO's flagship Pegasus spyware by addressing scenarios where full device compromise is impractical: Phantom targets encrypted app content and device-specific hacks, while Circles provides passive network-level access, enabling layered intelligence gathering for counter-terrorism and law enforcement applications as marketed by NSO. 
As of 2020, Circles' technology had been linked to deployments in at least 25 countries, including government agencies in Australia, the United Arab Emirates, and Mexico.

Technical Innovations and Deployment Methods

NSO Group's Pegasus spyware introduced advancements in zero-click remote infection capabilities, exploiting unpatched vulnerabilities in iOS and Android systems to install without user interaction or detectable traces. Early versions from 2016 relied on SMS-delivered phishing links or network redirects to compromised domains, but by 2019, deployment shifted to iMessage-based exploits targeting JavaScriptCore and other kernel-level flaws, enabling root access on devices running iOS 14.6 as late as July 2021. These methods utilized network injection attacks via rogue cell towers or operator equipment, alongside zero-click vectors in apps like FaceTime, Apple Music, and Photos, with command-and-control routed through anonymized transmission networks incorporating cloud services such as Amazon CloudFront. In 2022, Pegasus deployed multi-stage exploit chains against and 16, including PWNYOURHOME (October 2022), which chained HomeKit accessory daemon vulnerabilities with iMessage's BlastDoor sandbox evasion using NSKeyedUnArchiver deserialization and metadata manipulation; FINDMYPWN (June 2022), exploiting framework processes alongside iMessage; and LATENTIMAGE (January 2022), launching via with potential ties. These innovations emphasized modular, two-phase attacks across multiple system surfaces for persistence and evasion, including log manipulation to erase forensic artifacts, while extracting contacts, messages, emails, location data, and activating sensors like microphones and cameras. Complementary tools like Circles innovated network-layer by exploiting Signaling System No. 7 (SS7) protocol weaknesses, which lack inherent authentication, to intercept calls, texts, and geolocation data from roaming mobile users without infecting target devices. 
Deployment occurs through on-premises installations linking to local telecom infrastructure or a "Circles Cloud" service interconnecting with global operators, enabling trace-free monitoring via signaling commands impersonating legitimate network queries. This approach contrasts with endpoint-focused by leveraging inherent telecom protocol flaws for broad, device-agnostic access, though limited to network metadata and content where SS7 permits.
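The Circles passage above turns on SS7 accepting signaling queries without authenticating who sent them. As an added example (not from the original article or any vendor's product), the Python sketch below shows how an operator's interconnect screening can flag such queries in a signaling log. The PLMN codes, global-title prefixes, thresholds and log records are all constructed, and a 2-digit MNC is assumed.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

# All values below are constructed for illustration.
HOME_PLMN = "99901"                      # MCC+MNC of the network being protected
GT_PREFIX_TO_PLMN = {                    # interconnect global-title prefix -> owning PLMN
    "1999010": "99901",                  # our own nodes
    "1998020": "99802",                  # roaming partner A
    "1997030": "99703",                  # roaming partner B
}

# MAP operations that have no legitimate reason to arrive from another network.
INTERNAL_ONLY = {"anyTimeInterrogation", "anyTimeSubscriptionInterrogation"}
# Operations that should only come from the subscriber's own home network.
HOME_NETWORK_ONLY = {"provideSubscriberInfo", "insertSubscriberData"}
# Legitimate across the interconnect (SMS delivery) but location-revealing if repeated.
RATE_LIMITED = {"sendRoutingInfoForSM"}
RATE_WINDOW_S = 3600                     # assumed sliding window
RATE_MAX = 3                             # assumed queries allowed per (origin, subscriber)


@dataclass(frozen=True)
class MapMessage:
    ts: int            # seconds since start of the log
    calling_gt: str    # SCCP calling-party global title (sender-asserted, unauthenticated)
    operation: str     # MAP operation name
    imsi: str          # subscriber concerned, resolved to IMSI by the logging node
                       # (assumption: sendRoutingInfoForSM itself carries an MSISDN)


def plmn_of_gt(gt):
    """Return the PLMN owning a global title, or None if it is not a known partner."""
    for prefix, plmn in GT_PREFIX_TO_PLMN.items():
        if gt.startswith(prefix):
            return plmn
    return None


def screen(messages):
    """Return (ts, calling_gt, operation, reason) for each suspicious interconnect message."""
    alerts = []
    recent = defaultdict(deque)          # (calling_gt, imsi) -> timestamps of routing queries
    for m in sorted(messages, key=lambda msg: msg.ts):
        origin = plmn_of_gt(m.calling_gt)
        if origin == HOME_PLMN:
            continue                     # internal traffic is outside interconnect screening
        subscriber_plmn = m.imsi[:5]     # MCC (3 digits) + MNC (2 digits assumed)
        reason = None
        if m.operation in INTERNAL_ONLY:
            reason = "internal-only-op-from-interconnect"
        elif m.operation in HOME_NETWORK_ONLY and origin != subscriber_plmn:
            reason = "origin-not-subscriber-home-network"
        elif m.operation in RATE_LIMITED:
            window = recent[(m.calling_gt, m.imsi)]
            while window and m.ts - window[0] > RATE_WINDOW_S:
                window.popleft()         # drop queries that fell out of the window
            window.append(m.ts)
            if len(window) > RATE_MAX:
                reason = "repeated-routing-query"
        if reason:
            alerts.append((m.ts, m.calling_gt, m.operation, reason))
    return alerts


# Constructed log: one home subscriber, one inbound roamer from partner A.
HOME_SUB = "999011234567890"
ROAMER_A = "998021111111111"
SAMPLE_LOG = [
    MapMessage(0, "19980200001", "anyTimeInterrogation", HOME_SUB),
    MapMessage(10, "19980200001", "provideSubscriberInfo", ROAMER_A),   # roamer's own HLR
    MapMessage(20, "19970300009", "provideSubscriberInfo", HOME_SUB),   # wrong network
    MapMessage(30, "19990100005", "provideSubscriberInfo", HOME_SUB),   # our own HLR
    MapMessage(50, "19970300002", "sendRoutingInfoForSM", HOME_SUB),    # one SMS delivery
    MapMessage(100, "19980200007", "sendRoutingInfoForSM", HOME_SUB),
    MapMessage(200, "19980200007", "sendRoutingInfoForSM", HOME_SUB),
    MapMessage(300, "19980200007", "sendRoutingInfoForSM", HOME_SUB),
    MapMessage(400, "19980200007", "sendRoutingInfoForSM", HOME_SUB),   # 4th within an hour
    MapMessage(5000, "19980200007", "sendRoutingInfoForSM", HOME_SUB),  # window has expired
]

if __name__ == "__main__":
    for alert in screen(SAMPLE_LOG):
        print(alert)
```

Because the calling global title is supplied by the sender, these checks catch queries from the wrong network or at the wrong rate but not a sender that forges a partner's title; that residual gap is the missing authentication the passage describes.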

Security and Intelligence Applications

Proven Uses in Counter-Terrorism and Crime-Fighting

NSO Group's Pegasus spyware has been reported to have aided Mexican authorities in the 2016 recapture of drug lord Joaquín "El Chapo" Guzmán, whose Sinaloa Cartel was responsible for trafficking billions in narcotics and thousands of murders. The tool enabled intelligence gathering on Guzmán's communications and movements, contributing to his location and arrest after years of evasion. European intelligence and agencies have employed to disrupt terrorist plots and combat , with operations yielding tangible outcomes such as the prevention of attacks and the dismantling of criminal enterprises. In a specific case, the facilitated the takedown of a global ring by providing actionable intelligence on perpetrators' digital activities and networks. NSO executives, including co-founder Lavie, have asserted that thwarted multiple terrorist plots in around 2019, though operational details remain classified to protect sources and methods. The company's technology has also supported investigations into , , and drug rings, with NSO claiming it has prevented suicide bombings, car explosions, and incidents across client nations. These applications align with contractual stipulations requiring use solely against high-threat targets like terrorists and serious criminals, as verified in redacted agreements reviewed by independent analysts. While public attribution is constrained by protocols, the aggregate impact includes thousands of lives preserved through preemptive interventions, per NSO's transparency reports and executive statements.

Adoption by Governments and Empirical Outcomes

NSO Group's Pegasus spyware has been licensed exclusively to government intelligence and law enforcement agencies, with all exports requiring approval from Israel's Ministry of Defense as a classified weapon. Adoption spans dozens of countries, including both democratic and authoritarian regimes such as Mexico, Saudi Arabia, the United Arab Emirates, India, Hungary, Poland, and at least 14 European Union member states, as confirmed by NSO in responses to parliamentary inquiries. Investigations like the 2021 Pegasus Project, drawing from leaked client selection data, indicate use by agencies in over 45 countries for surveillance operations. These adoptions reflect demand for advanced tools capable of zero-click infections to monitor encrypted communications and geolocate targets without physical access. Empirical outcomes of legitimate deployments demonstrate tangible security gains, though comprehensive public metrics are scarce due to operational secrecy. A prominent case involved authorities using in 2015–2016 to track leader Joaquín "El Chapo" Guzmán, providing real-time location data that facilitated his recapture on January 8, 2016, after prior escapes. European agencies have employed Pegasus to disrupt terrorist plots, with investigators crediting it for actionable intelligence in preventing attacks. NSO reports that its technologies have contributed to averting numerous terror incidents, dismantling crime rings, and rescuing hostages, asserting prevention of threats that could have claimed thousands of lives, though independent verification of aggregate figures remains limited. Quantifiable impacts are constrained by classification, but client terminations for misuse—such as NSO severing access for 10 governments in recent years—underscore efforts to align adoption with intended counter-terrorism and crime-fighting objectives. 
Broader analyses note that while abuse allegations dominate media coverage from groups, which may exhibit against capabilities, documented successes in high-profile captures suggest causal efficacy in enhancing national security where deployed responsibly. No large-scale empirical studies quantify net lives saved or crimes prevented versus risks, but case-specific evidence supports utility in targeting threats like and militants.

NSO's Client Vetting and Contract Termination Protocols

NSO Group employs a multi-step client process that evaluates prospective government customers based on their intended use of the technology, compliance with , and human rights records, exceeding standard legal and regulatory thresholds. This incorporates assessments of risks to , including evaluations of potential adverse impacts, and restricts sales exclusively to entities committed to deploying tools like for counter-terrorism, counter-intelligence, and against serious criminals. The framework, formalized in NSO's Human Rights Policy announced in 2021, mandates ongoing monitoring post-sale, with provisions for remediation or cessation of support if misuse is detected. Contract termination protocols activate upon credible evidence of deviation from approved targets, such as of non-threat actors like journalists or activists. NSO maintains a technical "" capability to remotely disable access to its software, enabling swift suspension of operations. The company commits to investigating allegations of misuse and terminating agreements if violations are substantiated, as outlined in public statements following high-profile incidents. Documented terminations include the 2021 suspension of access for multiple unnamed governments amid investigations into deployments revealed by the Pegasus Project reporting. In October 2021, NSO ended its contract with the after determining that Dubai's ruler had used to target the wife of Qatar's emir, violating end-user restrictions. NSO has cited terminating at least eight contracts overall for confirmed abuses, though specific details beyond the UAE case remain undisclosed to protect operational integrity. Following the 2018 killing of , NSO implemented stricter vetting and reportedly severed ties with , shutting down systems there despite prior sales. 
Critics, including organizations, argue that NSO's vetting lacks transparency and sufficient enforcement, as evidenced by repeated allegations of misuse by clients like and despite protocols. NSO counters that it does not control client operations and relies on post-sale intelligence to enforce compliance, emphasizing that terminations demonstrate rather than systemic failure. Empirical outcomes show mixed efficacy, with NSO blacklisted by the U.S. in 2021 partly due to perceived inadequate oversight, yet the company continues advocating its processes as industry-leading for balancing security needs against abuse risks.

Misuses, Controversies, and Rebuttals

Documented Client Abuses and Targeting of Non-Threats

Clients of NSO Group, including governments in Saudi Arabia, Mexico, the United Arab Emirates (UAE), and Hungary, have deployed Pegasus spyware against journalists, human rights activists, and political dissidents who posed no evident terrorist or criminal threats, as evidenced by forensic analyses of infected devices. In the Pegasus Project investigation, a leak of approximately 50,000 phone numbers selected by NSO clients for surveillance revealed systematic targeting of non-threats, including over 180 journalists worldwide and executives from media outlets such as the BBC, CNN, and Al Jazeera. Technical indicators of compromise, such as Pegasus-linked domains and processes, were confirmed on devices via tools developed by Amnesty International's Security Lab and peer-reviewed by Citizen Lab. A prominent case involved Saudi Arabian authorities using Pegasus to target associates of murdered journalist , including his wife Hanan Elatr and fiancée Hatice Cengiz, with infections detected as early as 2018—months before his October 2, 2018, killing in the Saudi consulate in . Forensic examination by and others identified UAE-linked Pegasus infrastructure on Elatr's device in May 2018, enabling full access to messages, calls, and location data without user interaction. Similarly, a New York Times reporter covering Saudi affairs was targeted in 2018 by Pegasus operators linked to , highlighting abuse against investigative journalists critical of the regime. In , Pegasus was used by government entities to surveil at least 15 journalists and 25 defenders between 2019 and 2021, including those investigating and without posing threats. UAE clients deployed the against activists and expatriate dissidents, such as Palestinian defenders, with infections documented via network signatures and device artifacts. In , the government targeted opposition figures and media personnel, as indicated in leaked selection lists from 2018 onward. 
The 2019 lawsuit against NSO detailed exploits infecting over 1,400 users, predominantly journalists and activists from countries like and , with a U.S. court in October 2025 permanently enjoining NSO from further targeting the platform after confirming the spyware's role in unauthorized intrusions. Citizen Lab's investigations, including Project Torogoz in 2022, uncovered Pegasus infections on devices of El Salvadoran journalists and members, with over 30 confirmed targets amid government crackdowns on press freedom. These cases, supported by independent forensic methodology rather than solely client admissions, demonstrate client deviations from NSO's stated vetting for counter-terrorism, as the targets lacked operational ties to violent threats. NSO has terminated contracts in response to some verified abuses, such as with post-Khashoggi revelations, but critics argue enforcement relies on post-hoc detection amid opaque licensing.

NSO's Defenses: Emphasis on Legitimate Intelligence Needs

NSO Group asserts that its cyber intelligence technologies, including Pegasus spyware, are engineered solely for authorized government agencies to address lawful intelligence imperatives, such as preventing terrorist attacks and disrupting organized crime networks that exploit encrypted communications. The company positions its tools as essential for bridging gaps in traditional surveillance capabilities, enabling targeted operations against severe threats like drug trafficking and pedophile rings, where conventional methods prove inadequate. This focus aligns with endorsements from intelligence communities, including Five Eyes nations, which highlight the need for lawful access to data amid rising encryption challenges. To ensure alignment with legitimate needs, NSO implements a stringent client vetting process under its Procedure, established in April 2020, which evaluates prospective customers' records, standards, and potential for misuse. Approximately 35% of sales applications are rejected annually—equating to over $80 million in foregone revenue from to 2023—with engagement barred entirely in 58 designated high-risk countries reviewed yearly. Contracts explicitly mandate use only for investigating serious crimes such as , with prohibitions on violations, and incorporate commitments to the UN Guiding Principles on Business and , embedding protections against arbitrary of vulnerable groups. NSO defends its operations by demonstrating proactive enforcement, including periodic compliance reviews and investigations into all misuse allegations; since January 2021, it has probed 39 such reports, leading to the termination of six customer contracts between 2022 and 2023 for systematic abuses, resulting in $57 million in lost revenue. 
The firm employs technological safeguards like remote "kill switches" to deactivate Pegasus upon confirmed misuse and audit logs for oversight, arguing these measures prevent mass surveillance while preserving the tool's efficacy for national security—evidenced by instances of thwarted terror plots in Western Europe in May and August 2023. NSO's CEO has underscored Pegasus's role in life-saving intelligence, particularly following the October 7, 2023, Hamas attacks, contending that such capabilities are indispensable for sovereign states combating existential threats without viable alternatives.

Broader Critiques of Privacy Advocacy vs. National Security Realities

Critics of stringent privacy advocacy argue that opposition to tools like overlooks the asymmetric nature of modern threats, where non-state actors such as terrorist networks exploit encrypted communications and jurisdictional gaps to evade detection, necessitating advanced, capabilities. NSO Group maintains that its technologies have demonstrably aided in preventing terrorist attacks, , car explosions, and suicide bombings, as well as dismantling networks involved in drug, sex, and child trafficking, by enabling governments to monitor high-risk targets without relying on less precise methods. These claims, while not independently verified due to the classified nature of operations, underscore a first-principles reality: in regions facing persistent low-intensity conflicts, such as Israel's encounters with groups like , granular gathering can disrupt plots that traditional policing cannot, potentially averting casualties on a scale disproportionate to documented misuse cases. Privacy-focused organizations, including and , emphasize abuses against journalists, dissidents, and civil society—such as the targeting of over 50,000 potential numbers in the 2021 Pegasus Project revelations—but these reports often prioritize narratives over empirical assessments of net security gains, reflecting an institutional bias toward absolutist privacy norms that may undervalue causal links between surveillance restraint and heightened vulnerability to attacks. For instance, Israeli authorities have deployed under judicial oversight to intercept communications preempting attacks from Palestinian militants, Israeli-Arab extremists, and even Jewish radicals, illustrating how legal safeguards can mitigate risks while addressing existential threats in a context where adversaries operate without equivalent constraints. 
This selective scrutiny by advocacy groups risks conflating legitimate counter-terrorism with authoritarian overreach, potentially eroding tools vital for democracies defending against , where the cost of inaction—measured in lives lost to preventable bombings or shootings—exceeds isolated privacy infringements. Balancing these imperatives requires proportionality rather than outright prohibition, as evidenced by policy analyses advocating regulated oversight mechanisms to ensure serves without devolving into unchecked domestic spying. NSO's client vetting, which includes termination of contracts for misuse (as in the case of post-2018 Khashoggi incident), demonstrates an attempt to align technology with defensive ends, yet campaigns frequently demand transparency levels incompatible with operational secrecy, effectively disarming states against adaptive foes who thrive on such handicaps. Ultimately, empirical trade-offs favor calibrated use: while abuses warrant accountability, dismissing Pegasus's role in disrupting criminal syndicates and terror cells—claims corroborated by NSO's licensing to over 60 governments for verified threats—reflects a absolutism that causal analysis shows ill-serves societies confronting real-time perils over hypothetical erosions of .

Major Lawsuits: WhatsApp, Apple, and Others

In October 2019, WhatsApp, owned by Meta Platforms, filed a lawsuit against NSO Group in the U.S. District Court for the Northern District of California, alleging that the company violated the Computer Fraud and Abuse Act (CFAA) and California's anti-hacking laws by deploying Pegasus spyware to infiltrate approximately 1,400 WhatsApp user accounts without authorization. The suit claimed NSO exploited a zero-click vulnerability in WhatsApp's video call feature to install the spyware, targeting journalists, human rights defenders, dissidents, and other users between 2018 and 2019, with evidence uncovered through forensic analysis by WhatsApp engineers and external researchers. NSO defended itself by arguing sovereign immunity as a vendor to governments and denying direct involvement in specific hacks, but in December 2024, U.S. District Judge Phyllis J. Hamilton ruled NSO liable for the intrusions, rejecting immunity claims and finding the actions constituted unauthorized access. A jury trial in May 2025 resulted in an award of $444,719 in statutory damages and $167.3 million in punitive damages to Meta, reflecting the scale of the breaches. On October 17, 2025, Judge Hamilton issued a permanent injunction barring NSO from further targeting WhatsApp users or retaining related exploits, while reducing punitive damages to $4 million, deeming the original amount excessive but affirming "irreparable harm" to Meta's security infrastructure.

In November 2021, Apple filed a civil lawsuit against NSO Group and its parent company in the U.S. District Court for the Northern District of California, accusing them of breaching Apple's terms of service and developing sophisticated spyware, including variants of Pegasus, to target iPhone users without consent. The complaint detailed NSO's alleged creation of exploits for iOS vulnerabilities to enable remote surveillance, seeking a permanent injunction to prevent NSO from using Apple devices or services and monetary redress for affected users. NSO countered that the suit was an overreach by Apple to suppress legitimate intelligence tools and invoked Foreign Sovereign Immunities Act protections, but the case highlighted NSO's efforts to circumvent iOS security features like BlastDoor. In September 2024, Apple voluntarily dismissed the lawsuit without prejudice, citing an evolving threat landscape where continuing the action risked inadvertently disclosing sensitive vulnerability details that could aid adversaries, with NSO filing a notice of non-opposition to the dismissal.

Beyond these high-profile corporate actions, NSO Group has faced multiple lawsuits from individual victims alleging Pegasus-enabled targeting. At least three such cases have been filed in U.S. federal courts since 2019, brought on behalf of journalists, activists, and dissidents under the CFAA and related statutes, claiming unauthorized device compromises for surveillance purposes. For instance, suits have referenced forensic evidence from groups like linking NSO tools to infections on devices of advocates in countries including and , though outcomes remain pending or settled confidentially amid jurisdictional challenges. These actions underscore broader allegations of misuse against non-criminal targets, with plaintiffs arguing NSO's client vetting failed to prevent such deployments despite contractual safeguards.

US Blacklisting, Sanctions, and Export Controls

In November 2021, the Department of Commerce's (BIS) added NSO Group Technologies Limited to the Entity List under the (EAR), citing evidence that the company had developed and supplied to foreign governments used to conduct transnational repression campaigns targeting U.S. officials, journalists, activists, and dissidents. The designation, announced on November 3, 2021, determined that NSO's activities were contrary to U.S. and interests, as the —such as —enabled unauthorized and hacking of mobile devices without victim consent.

The Entity List placement imposes strict export controls, requiring U.S. persons to obtain a BIS license for any export, reexport, or in-country transfer of items subject to the —including software, , and commodities—to NSO or its affiliates; such licenses are reviewed on a presumption of denial basis. This effectively restricts NSO's access to U.S.-origin components and critical to its operations, severing supply chains for hardware and software dependencies, though it does not impose direct financial sanctions under of Foreign Assets Control (OFAC). No additional U.S. sanctions or blacklist expansions targeting NSO have been enacted through 2025, distinguishing it from broader OFAC measures against entities involved in sanctions evasion or abuses.

NSO has since sought removal from the Entity List, including efforts as recent as May 2025 through , but the U.S. government has maintained the designation, with opposing delisting in early 2024 due to ongoing concerns over proliferation risks. The listing remains in effect as of October 2025, limiting NSO's global operations amid its acquisition by U.S. investors earlier that year, which has not altered the export restrictions.

2024–2025 Court Rulings and Ongoing Appeals

In December 2024, a U.S. federal judge in the Northern District of California ruled that NSO Group was liable for unlawfully hacking WhatsApp users' devices using Pegasus spyware, finding the company violated the Computer Fraud and Abuse Act and California's Comprehensive Data Access and Fraud Act by exploiting WhatsApp's servers to install malware on approximately 1,400 devices between 2019 and 2020. In May 2025, a jury awarded WhatsApp parent Meta Platforms $167.3 million in damages, including statutory and punitive amounts, after determining NSO's actions were willful. NSO contested the award as unconstitutionally excessive and sought relief, arguing it exceeded statutory caps and lacked evidentiary basis. On October 17, 2025, the same court issued a permanent prohibiting NSO from further targeting users, reverse-engineering the app, or creating accounts on it for purposes, while reducing to $4 million to align with federal statutory limits under the . The ruling followed NSO's post-liability attempts to continue operations, including public statements by its chairman indicating ongoing exploitation efforts. NSO has indicated plans to appeal the , maintaining that its tools serve and that the restrictions hinder legitimate intelligence activities vetted by governments.

In September 2024, Apple voluntarily dismissed its 2021 lawsuit against NSO, which alleged attempted infections via zero-click exploits, citing evolving cybersecurity risks that could expose proprietary vulnerability details during discovery and trial. NSO consented to the dismissal without prejudice, avoiding further disclosure of its technical methods while preserving arguments that such litigation endangers state secrets shared with approved clients.

In May 2025, the U.S. Court of Appeals for the Fourth Circuit affirmed dismissal of claims by Jamal Khashoggi's fiancée and associates against NSO, ruling insufficient ties to for despite allegations of use in tracking pre-assassination. Conversely, in July 2025, the Ninth Circuit revived a by journalists and activists alleging targeting of their iPhones, finding the district court erred in dismissing for lack of standing and remanding for consideration of implications under the doctrine. These decisions highlight ongoing jurisdictional disputes in NSO-related suits, with appeals pending in the revived case as of October 2025.

Geopolitical and Industry Impact

Role in Israel's Cyber Export Ecosystem

NSO Group exemplifies the integration of Israel's military intelligence heritage into its commercial cyber export sector, drawing founders and talent from elite units like Unit 8200 to develop advanced surveillance tools such as Pegasus spyware. Established in 2010 in Herzliya, the company has positioned itself as a key exporter of cyber intelligence solutions, targeting government clients for counterterrorism and law enforcement applications, with all sales requiring prior approval from Israel's Ministry of Defense via its Defense Export Control Agency (DECA). This oversight mechanism ensures exports align with Israel's strategic interests, often serving as a for diplomatic and intelligence-sharing alliances, as seen in approvals for sales to countries like despite subsequent misuse allegations. DECA evaluates dual-use technologies for potential offensive capabilities, balancing economic gains—NSO's workforce expanded to over 700 employees by the late —with vetting that has historically prioritized clients deemed capable of legitimate use against threats. NSO's role underscores the ecosystem's reliance on privatized from defense alumni, contributing to Israel's status as a global leader in cybersecurity exports, though Pegasus-related scandals prompted a 2022 freeze on licenses for offensive cyber tools and subsequent tightening of supervision in December 2021 to mitigate to the broader industry. In practice, this framework has enabled NSO to license to over 40 by 2016, fostering transnational intelligence capabilities while exposing tensions between commercial viability and ethical export controls, with DECA occasionally intervening to restore access, as in pressuring NSO regarding in 2019. Recent developments, including a prospective 2025 acquisition by U.S. investors, would still necessitate DECA approval, highlighting persistent gatekeeping over the sector's strategic assets.

Global Surveillance Dynamics and Double Standards

NSO Group's Pegasus spyware has facilitated surveillance operations by governments in over 40 countries, encompassing both established democracies and authoritarian states, as evidenced by leaked client data and forensic analyses from 2021 onward. Clients such as Saudi Arabia, the United Arab Emirates, Hungary, Morocco, and Azerbaijan have deployed the tool to monitor dissidents, journalists, and opposition figures, with documented infections exceeding 50,000 phone numbers globally by July 2021. Democratic governments, including those in Poland, Spain, and India, have similarly licensed Pegasus for counterterrorism and law enforcement, demonstrating its utility in addressing genuine security threats like militant networks, even as misuse occurs in less accountable regimes.

These dynamics reveal pronounced double standards in global responses to proliferation. Western entities, including the U.S. government, blacklisted NSO in November 2021 for enabling violations, yet U.S. intelligence agencies maintain comparable zero-click exploitation capabilities through programs like those exposed in the Snowden leaks, which collected data on millions without equivalent commercial scrutiny. members have criticized while several, such as under , actively purchased and used it until contracts were terminated amid scandals, underscoring selective enforcement where prioritizes private-sector tools over state-run equivalents. This disparity persists because governments value off-the-shelf for rapid deployment against evolving threats—such as encrypted communications by criminals—avoiding the resource intensity of in-house development, even as export controls target firms like NSO without curbing sovereign programs.

Geopolitically, Israel's approval of NSO exports aligns with strategic interests, licensing to non-hostile states like and the UAE to bolster alliances against shared adversaries, as seen in post-Abraham Accords integrations by September 2020. Critics from organizations decry these sales as enabling repression, yet overlook how such tools serve causal security needs in volatile regions, where alternatives like open-source exploits are unregulated and proliferated by non-state actors. The industry's resilience—despite scandals—stems from unmet demand for precise, deniable intelligence amid rising digital threats, with double standards amplified by media focus on Israeli firms while domestic Western expansions, such as the UK's Investigatory Powers Act amendments in 2016, face muted opposition. This selective outrage, often from sources with institutional biases, undermines consistent , allowing authoritarian adopters to exploit gaps in international norms.

Future Prospects Post-Acquisition and Transparency Efforts

In October 2025, NSO Group confirmed that a of U.S. investors, led by film producer , acquired a controlling stake in the company, marking the end of predominant Israeli ownership since its founding. The transaction, valued in the tens of millions of dollars, reflects NSO's diminished market position amid years of sanctions and litigation, contrasting with its prior $1 billion valuation in 2019. This shift raises prospects for renewed U.S. engagement, as the new ownership could facilitate efforts to remove NSO from the U.S. Commerce Department's —imposed in November 2021 for enabling threats to U.S. —particularly under an administration perceived as prioritizing intelligence tools over privacy constraints. NSO hired a firm in early 2025 with ties to former Trump officials, signaling intent to exploit geopolitical realignments for export approvals and client rehabilitation.

NSO's transparency initiatives, including annual Transparency and Responsibility Reports, aim to demonstrate accountability by outlining client vetting, misuse investigations, and processes. The 2024 report, released on February 3, 2025, detailed over 100 compliance assessments and terminations of contracts deemed high-risk, while affirming adherence to international norms despite operational secrecy required for intelligence-grade tools. However, these disclosures provide without naming clients or specifics on deployments, drawing skepticism from watchdogs who argue they obscure patterns of abuse by authoritarian regimes, as evidenced by independent forensic revelations of unauthorized targeting. Critics, including , contend that such reports serve more as defensive postures than genuine reforms, given NSO's history of initial denials followed by admissions of client overreach.

Prospects remain constrained by escalating legal setbacks, including an October 2025 U.S. court ruling permanently enjoining NSO from reverse-engineering or targeting users, coupled with $4 million in damages after a six-year over Pegasus infections of 1,400 accounts. Internal documents from the case revealed a $12 million loss in 2024, underscoring financial strain from restricted sales and blacklisting. While the acquisition may bolster defenses against foreign ownership critiques in debates, sustained misuse allegations—such as Pegasus's role in targeting dissidents—could perpetuate isolation unless transparency evolves to include verifiable third-party audits, a step NSO has resisted citing imperatives. Overall, NSO's trajectory hinges on delisting success and client restraint, amid a spyware market increasingly scrutinized for enabling non-democratic surveillance without proportionate oversight.
