As reported in May 2019, WhatsApp identified and shortly thereafter fixed a vulnerability that allowed attackers to inject commercial spyware on to phones simply by ringing the number of a target’s device.

On Oct 29th, WhatsApp publicly attributed the attack to NSO Group, an Israeli spyware developer that also goes by the name Q Cyber Technologies.

After the incident, Citizen Lab volunteered to help WhatsApp identify cases where the suspected targets of this attack were members of civil society, such as human rights defenders and journalists. As part of their investigation into the incident, Citizen Lab has identified over 100 cases of abusive targeting of human rights defenders and journalists in at least 20 countries across the globe, ranging from Africa, Asia, Europe, the Middle East, and North America that took place after Novalpina Capital acquired NSO Group and began an ongoing public relations campaign to promote the narrative that the new ownership would curb abuses.

Read the full report on

Follow this report in the news

Why WhatsApp is pushing back on NSP Group hacking (Washington Post)
Facebook sues Israeli company over WhatsApp spyware (CTV News)
WhatsApp sues Israeli surveillance firm over alleged cyber-espionage (CBC News)
WhatsApp says Israeli firm used its app in spy program (New York Times)
Facebook sues Israel’s NSO Group over alleged WhatsApp attack (Wall Street Journal)
WhatsApp claims that an Israeli tech firm’s spyware targeted human-rights activists and journalists (The New Yorker)
Inside the WhatsApp hack: how an Israeli technology was used to spy (Financial Times)
WhatsApp sues Israeli firm, accusing it of hacking activists’ phones (The Guardian)
WhatsApp sues Israeli company over cyberattack that it says targeted journalists, dissidents and diplomats (CNN)
WhatsApp: Indians among those ‘targeted’ by spyware (BBC Online)
NSO’s spying contract doesn’t limit use of its hacking tools to terrorism and crime (Vice)