Paragon spyware cancels contract with Italian government after targeting journalists and citizens across Europe

An illustration of a 1960s spy with sunglasses and a big coat
(Image credit: Shutterstock / rogistok)

  • Italian citizens were targeted by Paragon spyware, government says
  • A malicious PDF file was used to deploy malware through WhatsApp
  • Paragon has since cancelled its contract with Italy

The Italian government has confirmed in a statement that seven of its citizens, and many others across Europe, were targeted by Israeli spyware company Paragon Solutions.

The zero-click attack campaign used a malicious PDF file to infect users' devices through the WhatsApp messenger. The Italian ruling party, Fratelli d’Italia, has denied any involvement with the campaign.

Fanpage.it, whose director was targeted as part of the campaign, confirmed Paragon had terminated its contract with the Italian government for failing to comply with the “ethical framework” laid out in the agreement.

Paragon targets EU citizens

WhatsApp and its law firm Advant told the Italian National Cybersecurity Agency that seven Italian WhatsApp users were the targets of Paragon, but their identities could not be revealed because of privacy concerns.

Outside of Italy, citizens of Austria, Belgium, Cyprus, Czech Republic, Denmark, Germany, Greece, Latvia, Lithuania, the Netherlands, Portugal, Spain, and Sweden were also targeted in the campaign based on country phone codes.

The victims were mainly journalists and other members of civil society, WhatsApp confirmed last week after accusing Paragon of the spyware campaign and issuing a cease and desist letter.

Paragon also stated earlier this week that the US and “allies” were customers of the company, and said that the company has a “zero-tolerance policy” for the “illicit targeting of journalist and other civil society figures,” with Paragon further stating that it would “terminate our relationship with any customer” found in violation of this rule.

The Italian government also stated that as WhatsApp Ireland Limited is the European operator for Meta, only European Union members have been included in the list of countries, potentially indicating that countries outside of Europe were also targeted in the campaign.

You might also like

TOPICS
Benedict Collins
Staff Writer (Security)

Benedict has been writing about security issues for over 7 years, first focusing on geopolitics and international relations while at the University of Buckingham. During this time he studied BA Politics with Journalism, for which he received a second-class honours (upper division), then continuing his studies at a postgraduate level, achieving a distinction in MA Security, Intelligence and Diplomacy. Upon joining TechRadar Pro as a Staff Writer, Benedict transitioned his focus towards cybersecurity, exploring state-sponsored threat actors, malware, social engineering, and national security. Benedict is also an expert on B2B security products, including firewalls, antivirus, endpoint security, and password management.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.

Read more
WhatsApp China VPN
Paragon spyware campaign targeting journalists disrupted by WhatsApp
Giant eye watching at man working at the computer. Surveillance, hacking, internet security concept. Flat vector illustration.
Israeli spyware company confirms US government and friends are customers
Trojan
WhatsApp patches security flaw which let hackers install spyware
Spyware
Government-linked Italian spyware maker caught distributing malicious Android apps
A smartphone on a sofa showing the WhatsApp, Telegram and Signal apps
Russian criminal gang Star Blizzard found hitting WhatsApp accounts
DeepSeek on an iPhone
Italy launches DeepSeek investigation over privacy concerns
Latest in Security
cybersecurity
Chinese government hackers allegedly spent years undetected in foreign phone networks
Data leak
A major Keenetic router data leak could put a million households at risk
Code Skull
Interpol operation arrests 300 suspects linked to African cybercrime rings
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
Multiple routers hit by new critical severity remote command injection vulnerability, with no fix in sight
Code Skull
This dangerous new ransomware is hitting Windows, ARM, ESXi systems
An abstract image of a lock against a digital background, denoting cybersecurity.
Critical security flaw in Next.js could spell big trouble for JavaScript users
Latest in News
DeepSeek
Deepseek’s new AI is smarter, faster, cheaper, and a real rival to OpenAI's models
Open AI
OpenAI unveiled image generation for 4o – here's everything you need to know about the ChatGPT upgrade
Apple WWDC 2025 announced
Apple just announced WWDC 2025 starts on June 9, and we'll all be watching the opening event
Hornet swings their weapon in mid air
Hollow Knight: Silksong gets new Steam metadata changes, convincing everyone and their mother that the game is finally releasing this year
OpenAI logo
OpenAI just launched a free ChatGPT bible that will help you master the AI chatbot and Sora
An aerial view of an Instavolt Superhub for charging electric vehicles
Forget gas stations – EV charging Superhubs are using solar power to solve the most annoying thing about electric motoring