Last month we reported that Israel-based NSO Group, known for making spyware and focusing mainly on government agencies, was alleging that one of its ex-employees stole code to sell on the dark web. Today, NSO Group is in the news again—this time for allegedly trying to spy on an employee of the human rights group Amnesty International.

The story began in June, with a staff member of Amnesty International receiving a text via WhatsApp. The unknown sender was asking the recipient to cover a protest outside of the Saudi embassy in Washington, DC. Forbes reports that within the text was a link, which if clicked, Amnesty believes would lead to a website run by NSO. “The Israeli company’s tech uses such websites as launchpads, taking the target through to another site that’s used to launch attacks on target smartphones, according to Amnesty and Citizen Lab. If successful, this results in infection of the device with Pegasus,” writes Forbes.

The Pegasus tool is known for being very powerful malware. According to Newsweek, it “can snoop on keystrokes, audio and browser history with a single click.” Al Jazeera adds that it can steal everything on the phone: “every contact name and phone number, text message, email, Facebook message, everything from Skype, WhatsApp, Viber, WeChat and Telegram.”

While the Amnesty employee managed to avoid infection, the incident set off an investigation by the global rights group, resulting in a 20-page report and charges that the hacking attempt was designed to spy on the organization. In a press release on the nonprofit’s website, Joshua Franco, Amnesty’s head of technology and human rights stated, “We therefore believe that this was a deliberate attempt to infiltrate Amnesty International by a government hostile to our human rights work.”

The Washington Post reports, that the NSO Group issued its own statement, reiterating that its product was “intended to be used exclusively for the investigation and prevention of crime and terrorism.” NSO also said allegations of wrongdoing would be investigated. The Post added, “In response to a series of written questions, the company said past allegations of customer misuse had, in an undisclosed number of cases, led to the termination of contracts.”

Get the full story at Forbes.