Firstly, he's an idiot. His staff obviously don't brief him on the likely consequences of actions, they just go do it. Because he's a brutal dictator who has disloyal people executed.
Secondly, Saudi's don't have their own advanced cyber capabilities (unlike Iran, UAE, Israel, etc), they rely on buying help. And single use, no interaction, 0day RCEs for recent phones (and we can assume latest iOS or Pixel) are not that available. So they used what they could get their hands on.
It beats me that they couldn't steal the phone of someone else in Bezos's WhatsApp contacts and impersonate them. Maybe Bezos wouldn't have opened the attachment. But overall, I think they are just dumb.
There remains a small possibility that someone hacked the phone of MbS (I mean, everyone has thoughts about doing that) and then pivoted to attacking people in his contacts. But the whole NSO group involvement makes me think it wasn't that.
Secondly, Saudi's don't have their own advanced cyber capabilities (unlike Iran, UAE, Israel, etc), they rely on buying help. And single use, no interaction, 0day RCEs for recent phones (and we can assume latest iOS or Pixel) are not that available. So they used what they could get their hands on.
It beats me that they couldn't steal the phone of someone else in Bezos's WhatsApp contacts and impersonate them. Maybe Bezos wouldn't have opened the attachment. But overall, I think they are just dumb.
There remains a small possibility that someone hacked the phone of MbS (I mean, everyone has thoughts about doing that) and then pivoted to attacking people in his contacts. But the whole NSO group involvement makes me think it wasn't that.