Article

20 May 2020

Author:
Joseph Cox, Motherboard

NSO Group impersonated Facebook to help clients hack targets

Israeli surveillance firm NSO Group created a web domain that looked as if it belonged to Facebook's security team to entice targets to click on links that would install the company's powerful cell phone hacking technology, according to data analyzed by Motherboard... It is not uncommon for hackers working for governments to impersonate Facebook... NSO is currently embroiled in a lawsuit with Facebook, which is suing the surveillance firm for leveraging a vulnerability in WhatsApp to let NSO clients remotely hack phones. Motherboard has also found more evidence that NSO used infrastructure based in the United States; a server used by NSO's system to deliver malware was owned by Amazon.

... A former NSO employee provided Motherboard with the IP address of a server set up to infect phones with NSO's Pegasus hacking tool... John Scott-Railton, a senior researcher from Citizen Lab, told Motherboard that the information provided by the former employee does appear to be NSO infrastructure. Facebook told Motherboard it gained ownership of the domain to stop others from misusing it... Motherboard recently revealed NSO tried to sell its hacking technology to local U.S. police, and that an NSO employee abused access to an installation of the Pegasus tool in the United Arab Emirates to target a love interest... Amazon did not respond to a request for comment asking if NSO has violated Amazon's terms of service by using its web servers to launch malware.