WhatsApp Alerts Users of Attack from New Israeli Spyware Company
WhatsApp has sent a cease-and-desist letter to Paragon Solutions in response to a hack attack that targeted individuals in journalism and civil society. Read Full Article at RT.com
TroibNews 
Following a hack attack, WhatsApp has sent a cease-and-desist letter to Paragon Solutions.
Meta's widely used messaging service has notified nearly 100 journalists and civil society members about potential breaches of their devices involving spyware from Israeli company Paragon Solutions, as confirmed by a company official to Reuters on Friday.
These individuals may have fallen victim to a zero-click attack, which could have been triggered by a malicious PDF circulated in group chats, according to WhatsApp.
The attackers' identities remain unknown, although Paragon’s software is typically utilized by government clients. After uncovering and addressing the hacking incident, WhatsApp took action against Paragon by issuing the letter. The situation has also been reported to law enforcement and Citizen Lab, a Canadian internet watchdog.
Paragon has refrained from commenting on the allegations, Reuters reported.
Citizen Lab researcher John Scott-Railton remarked that the incident “is a reminder that mercenary spyware continues to proliferate and as it does, so we continue to see familiar patterns of problematic use.”
Paragon’s website promotes "ethically based tools, teams, and insights to disrupt intractable threats" while asserting that its products are sold exclusively to governments in stable democratic countries. Among its offerings is Graphite, spyware that permits comprehensive access to phones.
Despite Paragon’s claims of ethical operations, WhatsApp’s findings suggest a different narrative. Natalia Krapiva, senior tech-legal counsel at Access Now, told Reuters that such abuses are not isolated events, stating, “This is not just a question of some bad apples – these types of abuses are a feature of the commercial spyware industry.”
This incident is part of a larger context of legal challenges facing Israeli spyware companies. In December 2024, a US judge found NSO Group, the developer of Pegasus spyware, liable for hacking the phones of 1,400 individuals through WhatsApp in May 2019. This ruling determined that NSO violated both US state and federal hacking laws, alongside WhatsApp’s terms of service. A forthcoming trial in March will assess the damages NSO Group owes to WhatsApp.
Ongoing litigation documents reveal that it is NSO Group, and not its government clients, that directly installs and retrieves information via its spyware. This information contradicts NSO’s previous assertions that the system was operated solely by its clients without direct involvement from NSO.
James del Carmen contributed to this report for TROIB News
Meta's widely used messaging service has notified nearly 100 journalists and civil society members about potential breaches of their devices involving spyware from Israeli company Paragon Solutions, as confirmed by a company official to Reuters on Friday.
These individuals may have fallen victim to a zero-click attack, which could have been triggered by a malicious PDF circulated in group chats, according to WhatsApp.
The attackers' identities remain unknown, although Paragon’s software is typically utilized by government clients. After uncovering and addressing the hacking incident, WhatsApp took action against Paragon by issuing the letter. The situation has also been reported to law enforcement and Citizen Lab, a Canadian internet watchdog.
Paragon has refrained from commenting on the allegations, Reuters reported.
Citizen Lab researcher John Scott-Railton remarked that the incident “is a reminder that mercenary spyware continues to proliferate and as it does, so we continue to see familiar patterns of problematic use.”
Paragon’s website promotes "ethically based tools, teams, and insights to disrupt intractable threats" while asserting that its products are sold exclusively to governments in stable democratic countries. Among its offerings is Graphite, spyware that permits comprehensive access to phones.
Despite Paragon’s claims of ethical operations, WhatsApp’s findings suggest a different narrative. Natalia Krapiva, senior tech-legal counsel at Access Now, told Reuters that such abuses are not isolated events, stating, “This is not just a question of some bad apples – these types of abuses are a feature of the commercial spyware industry.”
This incident is part of a larger context of legal challenges facing Israeli spyware companies. In December 2024, a US judge found NSO Group, the developer of Pegasus spyware, liable for hacking the phones of 1,400 individuals through WhatsApp in May 2019. This ruling determined that NSO violated both US state and federal hacking laws, alongside WhatsApp’s terms of service. A forthcoming trial in March will assess the damages NSO Group owes to WhatsApp.
Ongoing litigation documents reveal that it is NSO Group, and not its government clients, that directly installs and retrieves information via its spyware. This information contradicts NSO’s previous assertions that the system was operated solely by its clients without direct involvement from NSO.
James del Carmen contributed to this report for TROIB News
