Facebook has sued an Israeli surveillance company NSO Group, saying it targeted 1,400 WhatsApp users, including respected members of the civil society, with highly sophisticated malware.
This is the first time an encrypted messaging provider has taken legal action against a private entity that has carried out this type of attack against its users.
In May 2019, WhatsApp stopped a highly sophisticated cyberattack that exploited its video calling system in order to send malware to the mobile devices of a number of WhatsApp users via missed calls.
According to Facebook, the NSO Group violated laws including the US Computer Fraud and Abuse Act and used a flaw in WhatsApp to hack into user's smartphones.
"It targeted at least 100 human-rights defenders, journalists and other members of civil society across the world," the head of WhatsApp, Will Cathart, wrote in an op-ed published by The Washington Post.
In a statement, NSO Group denied performing any such act, saying it disputed the allegations and vowed to "vigorously fight them."
"The sole purpose of NSO is to provide technology to licensed government intelligence and law enforcement agencies to help them fight terrorism and serious crime," the company said.
"Our technology is not designed or licensed for use against human rights activists and journalists. It has helped to save thousands of lives over recent years."
Facebook lawsuit seeks unspecified damages from the NSO Group.
To understand the nature of the attack, WhatsApp took help of cyber security experts at the Citizen Lab, an academic research group based at the University of Toronto's Munk School.
"WhatsApp has filed a complaint in US court that attributes the attack to a spyware company called NSO Group and its parent company Q Cyber Technologies.
"The complaint alleges they violated both US and California laws as well as the WhatsApp Terms of Service, which prohibits this type of abuse. We are seeking a permanent injunction banning NSO from using our service," said WhatsApp.