WhatsApp and its parent Facebook sued spyware manufacturer NSO Group, alleging that the Israeli company used malware to hack into the mobile phones of 1,400 people and conduct surveillance.
Between January 2018 and May of this year, NSO created WhatsApp accounts that it used to send malicious code to targeted devices, according to the lawsuit filed Tuesday in federal court in San Francisco. The bogus accounts were created using telephone numbers registered in different countries, including Cyprus, Israel, Brazil, Indonesia, Sweden, and the Netherlands. Between roughly April 29 and May 10, NSO unleashed its code over WhatsApp servers targeting attorneys, journalists, human rights activists, political dissidents, diplomats, and other senior foreign government officials, the suit said.
While NSO was unable to break WhatsApp’s encryption, the company developed its malware to access messages and other communications after they were decrypted on the targeted devices.
A spokesman for NSO Group wasn’t able to immediately provide a comment.
Human rights groups and researchers have raised alarms for years about NSO Group, which makes mobile device surveillance software that ostensibly helps governments combat “terror and crime.” Activists, however, say governments misuse NSO’s products to target human rights defenders, journalists and critics.
NSO says its technology helps government intelligence and law enforcement agencies thwart major terrorist attacks, bring home abducted children and stop pedophiles and other criminals. But U.S. whistle-blower Edward Snowden last fall accused the company of helping Saudi Arabia track and kill government critic Jamal Khashoggi.
Banks that arranged the buyout of NSO Group earlier this year have struggled to place the $500 million of debt they had committed to provide for the deal as many investors deemed the company too risky to touch. They were forced to fund the loans with their own cash before being able to offload the debt at a discount of 90 cents on the dollar.
WhatsApp is seeking an injunction against NSO Group that would bar the company from using WhatsApp and Facebook services. In a Washington Post op-ed, WhatsApp CEO Will Cathcart said that leaders of tech firms should, at a minimum, “call for an immediate moratorium on the sale, transfer and use of dangerous spyware.”
The lawsuit comes after WhatsApp revealed a security flaw in May that allowed “an advanced cyber actor” to deliver malware via WhatsApp by placing a call to a user. WhatsApp said it had patched the vulnerability. While it didn’t name NSO Group for exploiting the vulnerability, the Israeli group was widely believed to have been behind it.
Human rights groups, including Amnesty International and Citizen Lab, have accused the NSO Group of selling its malware to oppressive regimes for the purpose of surveilling dissidents. In December 2018, Saudi dissident Omar Abdulaziz sued NSO Group, claiming the company’s software enabled the Kingdom of Saudi Arabia to hack his phone and track his communications with Khashoggi, the murdered Washington Post journalist. NSO has said the Abdulaziz lawsuit makes a number of false claims.
More must-read stories from Fortune:
—AT&T’s CEO appeased activist investor Elliott Management
—The wireless industry needs more airwaves, but it’s going to be costly
—Spotify’s way to convert free users to paying customers: even more freebies
—Apple looks ahead to augmented reality
—Lyft tries again with monthly memberships. Here’s how much it costs
Catch up with Data Sheet, Fortune’s daily digest on the business of tech.