WhatsApp has disclosed that fewer than 200 users worldwide may have been targeted in an advanced cyberespionage operation exploiting vulnerabilities in both its platform and Apple devices. Civil society activists appear to be among those impacted, raising fresh concerns over digital surveillance campaigns directed at civic groups.
Exploiting a Chain of Vulnerabilities
In a statement issued by Meta-owned WhatsApp it has confirmed identified and patched a previously unknown vulnerability that attackers used to hijack devices. The exploit relied on a “vulnerability chaining” technique where hackers linked weaknesses in WhatsApp and Apple operating systems to gain remote access to victims’ smartphones.
Final Call: Be DPDP Act Ready with FCRF’s Certified Data Protection Officer Program
The flaw potentially gave attackers the ability to infiltrate and control targeted devices, a method often associated with state-linked surveillance operations. WhatsApp has not disclosed the identities of the perpetrators or the victims but emphasized that the scope of the attack appeared limited, affecting fewer than 200 individuals worldwide.
Civil Society in the Crosshairs
Amnesty International’s Security Lab said early evidence suggested that members of civil society groups were among those targeted. Donncha Ó Cearbhaill, who heads the lab, confirmed that his team had begun collecting forensic data from suspected victims.
In a post on X (formerly Twitter), Ó Cearbhaill wrote that both iPhone and Android users were impacted, and that additional apps beyond WhatsApp may also have been exploited. “Initial signs suggest this campaign is not limited to one platform,” he said, warning that further investigation was underway.
The revelation has heightened concerns about the use of spyware against journalists, activists, and human rights defenders—groups that have previously been targeted by sophisticated hacking tools such as NSO Group’s Pegasus.
Containing the Fallout and Next Steps
WhatsApp confirmed that patches for the exploited vulnerabilities had already been rolled out to protect users. The company reiterated that it shares technical details with device manufacturers and security researchers to help contain such attacks. Apple has yet to comment on whether it is conducting its own investigation into the reported vulnerabilities.
While the relatively small number of targeted users suggests a highly focused espionage campaign, security experts warn that even narrowly tailored attacks can have chilling effects on free speech and civic activity. The combination of WhatsApp’s ubiquity over 2 billion global users and the sophistication of chained exploits underscores the persistent challenges of securing communications platforms.
For now, WhatsApp has urged all users to update their apps and device operating systems immediately. Investigators at Amnesty and other watchdog groups are continuing to monitor whether the campaign signals a broader wave of surveillance activity.