Tech Beetle briefing GB

WhatsApp Reveals Israeli Spyware Targeted Journalists and Civil Society Members

Essential brief

Key facts

WhatsApp identified nearly 100 journalists and civil society members targeted by Paragon Solutions’ spyware.

The spyware attack was 'zero-click,' requiring no user interaction to infect devices.

Paragon’s spyware, Graphite, offers capabilities similar to NSO Group’s Pegasus, including access to encrypted messages.

WhatsApp has disrupted the attacks, notified victims, and sent Paragon a cease and desist letter while exploring legal options.

The incident highlights ongoing concerns about the misuse of commercial spyware and the need for stronger oversight.

Highlights

WhatsApp identified nearly 100 journalists and civil society members targeted by Paragon Solutions’ spyware.

The spyware attack was 'zero-click,' requiring no user interaction to infect devices.

Paragon’s spyware, Graphite, offers capabilities similar to NSO Group’s Pegasus, including access to encrypted messages.

WhatsApp has disrupted the attacks, notified victims, and sent Paragon a cease and desist letter while exploring legal options.

WhatsApp, the messaging platform owned by Meta, disclosed that nearly 100 journalists and civil society members were targeted by spyware developed by Paragon Solutions, an Israeli hacking software company.

The company expressed “high confidence” that approximately 90 users were targeted and possibly compromised through this spyware.

The attacks were characterized as “zero-click,” meaning the victims did not need to click on any malicious links to be infected.

WhatsApp has not revealed the geographic locations of the victims or the identity of those behind the attacks.

Paragon Solutions, known for its spyware called Graphite, reportedly has government clients but WhatsApp has been unable to identify which governments may have commissioned these attacks.

Graphite spyware has capabilities similar to the notorious NSO Group’s Pegasus, allowing full access to infected phones, including encrypted communications on apps like WhatsApp and Signal.

Paragon Solutions has been under scrutiny following reports of a $2 million contract with the US Immigration and Customs Enforcement, which was paused to ensure compliance with a Biden administration executive order restricting spyware use by the federal government.

WhatsApp has sent Paragon a cease and desist letter and is exploring legal actions.

The company disrupted the spyware campaign in December and is notifying affected users directly.

Experts and advocacy groups highlight this incident as emblematic of broader concerns about the commercial spyware industry’s abuses.

The infection vector was likely a malicious PDF sent to users added to group chats.

The Citizen Lab at the University of Toronto contributed intelligence that helped WhatsApp understand the attack method and plans to publish a detailed report.

This revelation comes shortly after WhatsApp won a significant legal victory against NSO Group, which was found liable for hacking attacks on WhatsApp users.

The ongoing exposure of spyware abuses raises urgent questions about regulation, accountability, and the protection of digital privacy for vulnerable groups such as journalists and civil society activists.