You’ve probably seen the name NSO Group flashed across news chyrons more times than you can count. It’s the Israeli company behind Pegasus, that piece of software that can basically turn any smartphone into a pocket-sized spy. For a long time, the firm operated in this weird, shadowy space between a legitimate tech business and a digital arms dealer. Honestly, it’s been a wild ride.
Founded back in 2010 by Shalev Hulio, Omri Lavie, and Niv Karmi—the "NSO" is just an acronym of their first names—the company started with a relatively simple pitch. They wanted to help governments catch terrorists and child predators by cracking into encrypted messaging apps like WhatsApp and Signal. On paper, it sounds noble. In reality? It became a global scandal that hasn’t really stopped boiling.
Who is the NSO Group and why do they matter?
NSO Group isn't just some basement hacking collective. They are a high-stakes corporate entity that has changed hands more often than a hot potato. They were bought by Francisco Partners in 2014, then the founders bought them back in 2019, and by 2021, a management firm called Berkeley Research Group was in the mix.
As of early 2026, the company has undergone its most dramatic shift yet. A group of American investors, reportedly led by Hollywood producer Robert Simonds, took a controlling stake in the firm. This is huge. It marks a transition from a purely Israeli-controlled "cyber-intelligence" firm to one with significant U.S. financial backing, even as it remains blacklisted by the U.S. Commerce Department.
The tech they build, Pegasus, is what's known as "zero-click" spyware. This is the scary stuff. Most malware requires you to click a shady link or download a weird attachment. Not Pegasus. It exploits "zero-day" vulnerabilities—bugs that the phone manufacturer doesn't even know exist yet. You get a silent call or an invisible text, and boom. Your phone is wide open.
The 2025-2026 Legal Bloodbath
If you think NSO has had an easy time lately, you'd be wrong. They’ve been fighting a multi-front war in the courts. In May 2025, a federal jury in California handed down a massive ruling in a lawsuit brought by Meta (who owns WhatsApp). The jury found NSO liable for hacking into WhatsApp servers to plant spyware on the phones of roughly 1,400 users.
✨ Don't miss: uBlock Origin for Edge Browser: Why It’s Not Actually Dead (Yet)
- The Fine: NSO was slapped with a $168 million judgment.
- The Injunction: By late 2025, a permanent injunction was issued, basically banning NSO from touching Meta’s platforms ever again.
- The Fallout: NSO argued this injunction was "existential." Basically, they said if they can't use these platforms for their research, the company might die.
Apple also had a dog in this fight. However, in a surprising twist in late 2024, Apple actually moved to drop its lawsuit. Why? Because they didn't want to risk revealing their own high-level security secrets during the discovery process. It’s a classic case of the "defender’s dilemma." To prove someone hacked you, you sometimes have to show exactly how your defenses work. Apple decided that wasn't worth the risk.
Why the "Terrorist" Narrative doesn't always fit
NSO’s favorite talking point is that they only sell to "vetted" government agencies. They say their tools save lives. And to be fair, there are documented cases where Pegasus helped bust drug cartels or stop attacks. But the "Pegasus Project" investigation—a collaboration of over 80 journalists—blew a hole in that defense back in 2021.
They found that the spyware was being used to target people who were definitely not terrorists. We’re talking about:
- Journalists: Like the staff at The Wire in India or associates of Jamal Khashoggi.
- Activists: Human rights defenders in the UAE and Mexico.
- Politicians: Including French President Emmanuel Macron and various Catalan leaders.
- Royalty: Court documents even revealed Pegasus was used by the ruler of Dubai to target his ex-wife, Princess Haya.
This disconnect is why the U.S. government put them on the "Entity List" in 2021. Being on that list means U.S. companies can't sell technology to NSO. It’s a digital death sentence for a tech firm that relies on U.S. servers and software.
The New Guard: David Friedman and the 2026 Push
In a desperate bid to get off that blacklist, NSO recently appointed David Friedman, the former U.S. Ambassador to Israel, as their executive chairman. It's a calculated move. They want someone with deep political ties to argue that NSO is a vital asset for Western intelligence.
NSO also released a new "transparency report" in January 2026. Critics, however, are calling it "fluff." Groups like Access Now pointed out that the report lacks hard numbers on how many clients were actually kicked off for abuses. It’s a classic corporate PR move: say a lot of words about human rights without actually committing to anything that hurts the bottom line.
Can you actually protect yourself from NSO Group?
Honestly? If a nation-state wants to get into your phone and they’re using Pegasus, you’re in trouble. But you aren't totally helpless. The "zero-click" exploits NSO uses are incredibly expensive. We're talking millions of dollars per license. They don't waste these on average people. They save them for high-value targets.
Still, the tech leaks. What was state-of-the-art yesterday becomes a script-kiddie tool tomorrow.
Reboot your phone daily. It sounds stupidly simple, but many Pegasus infections are "non-persistent." They live in the phone's temporary memory. If you turn the phone off and on, the malware has to re-infect you. This gives the phone's security systems a chance to catch it.
Use Lockdown Mode. If you have an iPhone, Apple’s "Lockdown Mode" is specifically designed to break the features Pegasus exploits. It makes the phone a bit more annoying to use, but it closes the doors that NSO likes to walk through.
Keep everything updated. Most of the "zero-days" NSO used in 2023 were patched by 2024. If you’re running old software, you’re just leaving the window open.
What's next for the world's most famous spyware maker?
The acquisition by U.S. investors is the big story for 2026. If the new owners can convince Washington that NSO has "cleaned up its act," we might see them come off the blacklist. That would give them access to the massive U.S. law enforcement market.
But the legal precedents are stacking up against them. The $168 million Meta victory proved that "sovereign immunity" doesn't protect private companies just because they work for governments. If you're a tech worker or a privacy advocate, keep an eye on the damages trial scheduled for March 2025 and the subsequent appeals in 2026. It will set the rules for the entire "mercenary spyware" industry.
Actionable Steps for the Privacy-Conscious
- Audit your apps: Delete anything you don't use. Fewer apps mean a smaller "attack surface."
- Check for "Lockdown" options: On iOS, go to Settings > Privacy & Security > Lockdown Mode.
- Watch the news for "iMazing" or "MVT": These are forensic tools you can use to scan your own phone backups for signs of Pegasus.
- Stay skeptical: If you're a high-risk individual (journalist, lawyer, activist), use a separate "clean" device for sensitive communications and never take it near your personal phone.
The NSO Group story isn't over. It’s just moving into a more corporate, legally entangled phase. Whether they are "21st-century mercenaries" or "essential counter-terror tools" depends entirely on who you ask—and whose phone just got a silent notification.