As reported in May 2019, WhatsApp identified and shortly thereafter fixed a vulnerability that allowed attackers to inject commercial spyware on to phones simply by ringing the number of a target’s device. Today October 29th, WhatsApp is publicly attributing the attack to NSO Group, an Israeli spyware developer that also goes by the name Q Cyber Technologies.
“They get close to governments and when those governments do bad things with their products, commercial spyware companies can claim it’s not their fault,” Citizen Lab senior researcher John Scott-Railton told the New York Times.
After the incident, Citizen Lab volunteered to help WhatsApp identify cases where the suspected targets of this attack were members of civil society, such as human rights defenders and journalists. As part of our investigation into the incident, Citizen Lab has identified over 100 cases of abusive targeting of human rights defenders and journalists in at least 20 countries across the globe, ranging from Africa, Asia, Europe, the Middle East, and North America that took place after Novalpina Capital acquired NSO Group and began an ongoing public relations campaign to promote the narrative that the new ownership would curb abuses.
We continue to investigate the incident, and conduct outreach with the individuals targeted with these attacks to assist them in becoming more secure, and to better understand the cases.