WhatsApp recently revealed a targeted spyware campaign linked to the Israeli firm Paragon, which affected 90 individuals, including journalists and civil society members. The platform confirmed that affected users have been directly notified.
Meta-owned messaging app WhatsApp confirmed that it was taking action to stop a spyware attack targeting approximately 90 individuals, including journalists and members of civil society organizations. Those affected have been directly notified about the security breach, however, WhatsApp has not disclosed the location of journalists and civil society members, including if any of them were based in the US.
WhatsApp’s investigation points to Paragon Solutions, an Israeli spyware firm acquired by AE Industrial Partners, as the perpetrator of this attack. Reportedly, the attack vector involved the distribution of malicious PDF files through WhatsApp groups. Experts claim the targeting was a “zero-click” attack, requiring no malicious links to be infected. WhatsApp has since released a security update to neutralize this vulnerability.
This campaign was also independently observed and is under investigation by John Scott-Railton, a senior researcher at The Citizen Lab, as he noted in a post on X (formerly Twitter).
NEW: @WhatsApp says Israeli mercenary spyware company #Paragon targeted scores of users around world.
The infection happened with no interaction. No link to click or attachment to open.
This is called a “zero-click” attack.
WA says targets included journalists & members of… pic.twitter.com/TekGNMdkoF
— John Scott-Railton (@jsrailton) February 1, 2025
WhatsApp believes the campaign occurred in December and has issued a cease and desist letter to Paragon. Since its inception in 2019, Paragon has maintained a low profile and has been embroiled in a hacking controversy for the first time, unlike other spyware makers like Intellexa and NSO Group, which have faced U.S. government sanctions and blocklists.
However, the company has been under scrutiny following Wired Magazine’s October report of the company signing a $2m contract with the US Immigration and Customs Enforcement’s homeland security investigations division.
This action follows WhatsApp’s successful legal challenge against NSO Group, another Israeli spyware firm, as reported by Hackread.com. In that case, the NSO Group was found liable for exploiting a WhatsApp vulnerability to deploy its Pegasus spyware on at least 1,400 devices, targeting journalists, activists, and government officials. Hackread.com had previously reported that WhatsApp discovered the vulnerability exploited in this attack in May 2019.
The recent Paragon campaign targeted individuals across over two dozen countries, particularly in Europe, with the Italian news outlet fanpage.it confirming it was among those targeted. WhatsApp collaborated with The Citizen Lab, a research group based at the University of Toronto, on its investigation.
According to Scott-Railton, the targeting of journalists and civil society is a systemic issue within the commercial spyware industry, not an isolated incident. He also highlighted the potential risk to government personnel from such attacks.
Paragon and AE Industrial Partners have yet to respond to this news.
WhatsApp’s previous legal victory against NSO Group and its ongoing efforts against Paragon demonstrate its commitment to challenging the spyware industry and protecting user privacy.
“This is the latest example of why spyware companies must be held accountable for their unlawful actions. WhatsApp will continue to protect people’s ability to communicate privately,” WhatsApp’s spokesperson stated.