WhatsApp has detected cyberattacks on about 100 journalists and activists in Europe through the Graphite spyware from Paragon Solutions. The attacks were carried out through a “zero-click” vulnerability in group chats.
WhatsApp has sent warnings to nearly 100 journalists and members of NGOs after it emerged that their devices may have been compromised by spyware from Israeli company Paragon Solutions. The cyberattack affects people with phone numbers from 14 EU countries.
Reports UNN with reference to Ynetnews and Der Standard.
Details
For 90 journalists, activists and other civil society activists in Europe were monitored using spyware from Paragon Solutions.
Help
Paragon Solutions was founded in Tel Aviv in 2019 with the participation of former Israeli Prime Minister Ehud Barak. In 2024, it was sold to the American private equity firm AE.
Paragon Solutions offers spyware called Graphite. Paragon sells the software exclusively to the US government or allies. The company does not disclose which countries are involved.
According to the Israeli portal Ynetnews, in the case of a cyberattack on WhatsApp, Paragon sees itself as a victim in this case.
How the cyberattacks were carried out
According to the messaging platform owned by Meta, the attacks used the so-called “zero-click” vulnerability, when the victim did not even need to click on the link – the infection could be delivered via a malicious PDF file sent in group chats.
WhatsApp detected and neutralized the attempted attack. The identities of the attackers behind the attacks are not yet known. But there is a connection to Paragon. The spyware developed by Paragon Solutions usually targets government clients. WhatsApp has officially called on Paragon to cease its activities. Paragon Solutions declined to comment on the allegations.
Citizens in Italy were affected by the spying campaign
The Italian government said in a statement that the cybersecurity agency in Rome (Agenzia per la Cybersicurezza Nazionale, ACN) had contacted WhatsApp and its legal representatives. Authorities were told that seven Italian citizens had been affected by the spying campaign. WhatsApp did not reveal their identities to the Italian government, but said that all those affected had been informed.
On Thursday, it was announced that Paragon had immediately stopped working with the Italian government. According to the Israeli daily Haaretz, the spyware is being used by two Italian authorities: an unnamed law enforcement agency and an intelligence service.
EU concerned about cyberattack
Brussels said on Thursday that the investigation is the responsibility of national authorities.
The Commission expects national authorities to thoroughly investigate such allegations. The Commission's position is very clear: any attempt to illegally access citizens' data, including that of journalists and political opponents, is unacceptable if confirmed
– said the EU spokesperson.
Addition
This is the first time Paragon Solutions has been named in such a case, but it is not the first time the Israeli spyware company has gotten into trouble. NSO Group, the company that developed the infamous Pegasus spyware, was found liable by a US judge in December 2024.
NSO Group violated US state and federal laws by hacking the phones of 1,400 WhatsApp users in May 2019
– the judge's decision states.