This archive report was first published on 1 November 2019.
On April 29, 2019, a significant hacking incident occurred, targeting high-profile government and military officials across at least 20 countries on five continents. The hacking software exploited a flaw in WhatsApp-owned servers to gain access to the cellphones of at least 1,400 users.
According to sources familiar with WhatsApp's internal investigation, the victims include officials from the United States, United Arab Emirates, Bahrain, Mexico, Pakistan, and India. The exact number of victims could be higher, as a London-based human rights lawyer reported attempts to break into his phone dating back to April 1.
While the identity of the hackers remains unclear, NSO Group, the Israeli hacking tool developer, has stated that it sells its spyware exclusively to government customers. NSO has denied any wrongdoing, claiming its products are meant to help governments catch terrorists and criminals.
However, cybersecurity researchers have cast doubt on these claims, suggesting that NSO products have been used against a wide range of targets, including protesters in countries under authoritarian rule.
WhatsApp has filed a lawsuit against NSO Group, alleging that the company built and sold a hacking platform that exploited the flaw in WhatsApp-owned servers. The company has also sent warning notifications to affected users, but has declined to comment on the identities of NSO Group's clients.