Senior government officials around the world – including individuals in high national security positions who are “allies of the US” – were targeted by governments with NSO Group spyware in a 2019 attack against 1,400 WhatsApp users, according to the messaging app’s chief executive.

Will Cathcart disclosed the new details about individuals who were targeted in the attack after revelations this week by the Pegasus project, a collaboration of 17 media organisations which investigated NSO, the Israeli company that sells its powerful surveillance software to government clients around the world.

Cathcart said that he saw parallels between the attack against WhatsApp users in 2019 – which is now the subject of a lawsuit brought by WhatsApp against NSO – and reports about a massive data leak that are at the centre of the Pegasus project.

... “The reporting matches what we saw in the attack we defeated two years ago, it is very consistent with what we were loud about then,” Cathcart said in an interview with the Guardian. In addition to the “senior government officials”, WhatsApp found that journalists and human rights activists were targeted in the 2019 attack against its users. Many of the targets in the WhatsApp case, he said, had “no business being under surveillance in any way, shape, or form”.

“This should be a wake up call for security on the internet … mobile phones are either safe for everyone or they are not safe for everyone.”

... Cathcart questioned NSO’s claim that the [50,000] figure was in itself “exaggerated”, saying that WhatsApp had recorded an attack against 1,400 users over a two-week period in 2019.

“That tells us that over a longer period of time, over a multi-year period of time, the numbers of people being attacked are very high,” he said. “That’s why we felt it was so important to raise the concern around this.

... An NSO spokesperson said: “We are doing our best to help creating a safer world. Does Mr Cathcart have other alternatives that enable law enforcement and intelligence agencies to legally detect and prevent malicious acts of pedophiles, terrorists and criminals using end-to-end encryption platforms? If so, we would be happy to hear.”