For a while, it has been thought that NSO flogs its spyware to government spooks who use it to install and extract the contents of dissidents’ mobile phones.  However, the court documents show that NSO’s services involve "installing and extracting" information from mobile phones targeted by its hacking software.

The revelations come from sworn depositions of NSO Group employees, portions of which were published for the first time on Thursday.

This development follows five years after WhatsApp, the popular messaging app owned by Facebook, first announced its lawsuit against NSO Group. NSO, blacklisted by the Biden administration in 2021, is known for creating what is considered the world's most sophisticated hacking software, reportedly used in countries like Saudi Arabia, Dubai, India, Mexico, Morocco, and Rwanda.

At the heart of the legal battle is WhatsApp's allegation that NSO Group, and not its government clients, was operating the spyware. NSO has consistently maintained that its product is designed to prevent serious crime and terrorism and that clients are obligated not to misuse the spyware.

The company has also insisted that it does not know who its clients are targeting.

Judge Phyllis Hamilton permitted WhatsApp to cite previously redacted depositions. In one deposition, an NSO employee stated that customers only needed to enter a phone number, and "the rest is done automatically by the system."

 This indicates that NSO, not the customers, controlled accessing WhatsApp's servers when designing and upgrading Pegasus to target individual phones.