Paragon spyware cancels contract with Italian government after targeting journalists and citizens across Europe

An illustration of a 1960s spy with sunglasses and a big coat

(Image credit: Shutterstock / rogistok)

Italian citizens were targeted by Paragon spyware, government says
A malicious PDF file was used to deploy malware through WhatsApp
Paragon has since cancelled its contract with Italy

The Italian government has confirmed in a statement that seven of its citizens, and many others across Europe, were targeted by Israeli spyware company Paragon Solutions.

The zero-click attack campaign used a malicious PDF file to infect users' devices through the WhatsApp messenger. The Italian ruling party, Fratelli d’Italia, has denied any involvement with the campaign.

Fanpage.it, whose director was targeted as part of the campaign, confirmed Paragon had terminated its contract with the Italian government for failing to comply with the “ethical framework” laid out in the agreement.

Paragon targets EU citizens

WhatsApp and its law firm Advant told the Italian National Cybersecurity Agency that seven Italian WhatsApp users were the targets of Paragon, but their identities could not be revealed because of privacy concerns.

Outside of Italy, citizens of Austria, Belgium, Cyprus, Czech Republic, Denmark, Germany, Greece, Latvia, Lithuania, the Netherlands, Portugal, Spain, and Sweden were also targeted in the campaign based on country phone codes.

The victims were mainly journalists and other members of civil society, WhatsApp confirmed last week after accusing Paragon of the spyware campaign and issuing a cease and desist letter.

Paragon also stated earlier this week that the US and “allies” were customers of the company, and said that the company has a “zero-tolerance policy” for the “illicit targeting of journalist and other civil society figures,” with Paragon further stating that it would “terminate our relationship with any customer” found in violation of this rule.

The Italian government also stated that as WhatsApp Ireland Limited is the European operator for Meta, only European Union members have been included in the list of countries, potentially indicating that countries outside of Europe were also targeted in the campaign.

Chinese hackers develop effective new hacking technique to go after business networks
These are the best encrypted messaging apps
Take a look at our guide to the best malware removal

TOPICS

Benedict has been writing about security issues for over 7 years, first focusing on geopolitics and international relations while at the University of Buckingham. During this time he studied BA Politics with Journalism, for which he received a second-class honours (upper division), then continuing his studies at a postgraduate level, achieving a distinction in MA Security, Intelligence and Diplomacy. Upon joining TechRadar Pro as a Staff Writer, Benedict transitioned his focus towards cybersecurity, exploring state-sponsored threat actors, malware, social engineering, and national security. Benedict is also an expert on B2B security products, including firewalls, antivirus, endpoint security, and password management.