CyberSecurity news

FlagThis

Paolo Tarsitano@Cyber Security 360 //

Paragon Spyware Targets Human Rights Defenders

Citizen Lab researchers have identified several countries as potential customers of Paragon Solutions' Graphite spyware, which was used in attacks against human rights defenders. The investigation mapped the infrastructure of the Israel-based spyware maker, identifying servers likely used by customers in Australia, Canada, Cyprus, Denmark, Israel, and Singapore. The findings follow WhatsApp's notification to numerous individuals that Paragon exploited the platform to deliver spyware to their phones.

The Citizen Lab report includes an infrastructure analysis of Graphite, a forensic analysis of infected devices belonging to members of civil society, and a closer look at the spyware's use in Canada and Italy. Meta (WhatsApp) confirmed these details were pivotal to their ongoing investigation into Paragon which allowed them to fix a zero-click exploit.

Paragon’s executive chairman, John Fleming, responded that Citizen Lab shared only a "very limited amount of information" beforehand, "some of which appears to be inaccurate," while declining to specify what was inaccurate. Despite Paragon's claims of selling only to democracies, the report raises concerns about potential abuse, suggesting their safeguards may not be sufficient.
Original img attribution: https://dnewpydm90vfx.cloudfront.net/wp-content/uploads/2025/03/Cyber-sorveglianza-in-Italia-Graphite-di-Paragon.jpg
ImgSrc: dnewpydm90vfx.c

Share: bluesky twitterx--v2 facebook--v1 threads


References :
  • infosec.exchange: Researchers mapped out the infrastructure of spyware maker Paragon Solutions, and say they were able to identify servers likely used by customers in several countries: Australia, Canada, Cyprus, Denmark, Israel, and Singapore. Paragon’s executive chairman John Fleming said Citizen Lab shared in advance "very limited amount of information, some of which appears to be inaccurate." He declined to say what was inaccurate exactly.
  • The Citizen Lab: In our first investigation into Israel-based spyware company, Paragon Solutions, we begin to untangle multiple threads connected to the proliferation of Paragon's mercenary spyware operations across the globe. This report includes an infrastructure analysis of Paragon’s spyware product, called Graphite; a forensic analysis of infected devices belonging to members of civil society; and a closer look at the use of Paragon spyware in both Canada and Italy. —
  • techcrunch.com: Researchers name several countries as potential Paragon spyware customers
  • CyberInsider: Paragon’s Spyware ‘Graphite’ Used in WhatsApp Attacks
  • securityaffairs.com: WhatsApp fixed zero-day flaw used to deploy Paragon Graphite spyware
  • Zack Whittaker: Researchers at Citizen Lab have named several countries as potential customers of Paragon's Graphite spyware, which Citizen Lab says was used in a widespread campaign targeting human rights defenders in Italy.
  • Metacurity: Australia, Canada, Cyprus, Denmark, Israel, and Singapore likely bought Paragon spyware, Citizen Lab
  • The Hacker News: Six Governments Likely Use Israeli Paragon Spyware to Hack IM Apps and Harvest Data
  • BleepingComputer: WhatsApp patched zero-day flaw used in Paragon spyware attacks
  • Cyber Security 360: Italia spiata: svelata la rete dello spyware Paragon Graphite
  • hackread.com: Israeli Spyware Graphite Targeted WhatsApp with 0-Click Exploit
  • The Register - Security: Paragon spyware deployed against journalists and activists, Citizen Lab claims
  • Christoffer S.: A First Look at Paragon's Proliferating Spyware Operations" investigates Paragon Solutions, an Israeli spyware vendor founded in 2019 that sells a product called Graphite.
  • IT-Connect: Une faille zero-click sur WhatsApp a été exploitée par un spyware de Paragon, à l'aide d'un simple document PDF.
  • Zack Whittaker: This week's edition of ~ this week in security ~ includes a look at Citizen Lab's report revealing Paragon spyware customers and victims, CISA scrambling to contact fired staff after court reverses layoffs, and Wiz joining Google Cloud. Plus, a brand new cyber cat, and more. Sign up/RSS: Read online: Donate/support:
Classification: