NSO Group's WhatsApp Evasion Exposes Limits of Sanctions in Mercenary Surveillance Arms Race

Meta's contempt filing against NSO Group marks a significant escalation beyond the 2025 $168 million damages award, revealing how the Israeli firm has shifted from direct server exploits to low-signature phishing domains like fr24cast[.]com to circumvent the 2021 permanent injunction. This adaptation underscores a pattern missed in initial coverage: NSO's post-sanction resilience mirrors tactics seen in parallel operations by Intellexa and Candiru, where fragmented infrastructure and proxy testing accounts allow continued targeting of journalists and dissidents despite U.S. Commerce Department blacklisting. The original report underplays the geopolitical ripple effects, including NSO's alleged role in UAE and Saudi campaigns that have prompted EU export control reviews and new calls for a global spyware moratorium. Drawing on Citizen Lab's 2023 Pegasus documentation and Amnesty International's forensic analyses of 2024-2025 infections, it is clear that end-to-end encryption alone fails against social engineering vectors, while Meta's strict account settings represent an industry-wide hardening that could deter smaller actors but not well-resourced state proxies. This legal pushback sets precedent for holding spyware vendors accountable across jurisdictions, yet enforcement gaps persist as NSO restructures operations offshore.