According to Facebook, its attacks on WhatsApp users "were hosted by Amazon Web Services (AWS) in the US and by the Californian company QuadraNet (with a German provider)
Facebook claimed that NSO had a contract with QuadraNet using its server "more than 700 times during the attack to direct NSO's malware to WhatsApp user devices in April and May 2019." Moreover, the legal brief listed "subdomains which were all allegedly hosted on Amazon servers covering the dates of the attacks"
New revelations could make it harder for NSO Group to continue denying any US operations according to the Sunday report. NSO responded to the new legal brief on Facebook, saying "Our products are used to end terrorism, curb violent crime, and save lives.
NSO Group does not operate the Pegasus software for its customers, nor can it be used against US mobile phone numbers or devices within the United States' geographical boundaries.
NSO has in the past denied the allegations of hacking WhatsApp. NSO Group's CEO has argued in counter-allegations that Facebook proposed buying its malicious Pegasus software in 2017 to snoop on Apple iOS users.
In court documents filed in an ongoing lawsuit in which Facebook sued the NSO Group last year for snooping on WhatsApp users including in India, NSO CEO Shalev Hulio claimed that "two Facebook representatives approached NSO in October 2017 and asked to buy the right to use certain Pegasus capabilities." In a statement, a Facebook spokesperson said the NSO CEO misrepresents conversations between the company and Facebook employees.
"NSO is trying to distract from the facts Facebook and WhatsApp filed in court more than six months ago. Their attempt to avoid responsibility includes inaccurate representations about their spyware as well as a discussion with people working on Facebook," said the spokesman.
NSO has maintained that it only sells Pegasus to clients of intelligence agencies and law enforcement. Facebook has even blamed the operating system of Apple for hacking the phone of Amazon's founder and CEO Jeff Bezos.
Investigators believe Bezos' iPhone has been compromised after receiving a 4.4 MB video file containing malware via WhatsApp - in the same way that 1,400 select phones including journalists and human rights activists were broken into last year's NSO Group's Pegasus software.
In an interview with the BBC, Facebook's Global Affairs and Communications Vice President, Nick Clegg, said it wasn't WhatsApp's fault because end-to-end encryption is uncheckable and blamed the Bezos' episode for Apple's operating system.
The NSO Group has denied that it was part of hacking Bezos.