Cyber Crime
Pegasus 2.0? Israeli Firm Paragon’s Zero-Click Spyware Targets Journalists!
Meta-owned WhatsApp announced on Friday that it successfully disrupted a spyware campaign targeting journalists and civil society members. The campaign, which affected around 90 individuals, involved the use of spyware developed by Israeli company Paragon Solutions. The attackers were neutralized in December 2024.
Zero-Click Attack via WhatsApp Group Chats
WhatsApp’s end-to-end encrypted messaging platform was exploited using a zero-click attack, meaning the spyware was deployed without requiring any interaction from the target. It is suspected that specially crafted PDF files were sent to individuals added to WhatsApp group chats, allowing the attackers to gain unauthorized access.
In a statement to The Guardian, WhatsApp confirmed that it had contacted the affected users, expressing “high confidence” that they were targeted and potentially compromised. However, the identity of the perpetrators and the duration of the campaign remain unknown. The targets were spread across two dozen countries, including several in Europe. WhatsApp has provided affected parties with guidance on safeguarding their digital security.
Registrations Open for FutureCrime Summit 2025: India’s Largest Conference on Technology-Driven Crime
WhatsApp’s Action Against Paragon Solutions
WhatsApp has issued a cease-and-desist letter to Paragon Solutions and is exploring further legal action against the company. The incident marks the first time Paragon’s spyware has been publicly linked to such misuse.
Paragon Solutions, like the controversial NSO Group, develops surveillance software for government agencies. Its flagship spyware, Graphite, is marketed as a tool to combat digital threats. In December 2024, Paragon was acquired by AE Industrial Partners, a U.S.-based investment firm, in a $500 million deal.
On its official website, Paragon claims to provide “ethically based tools” to address cyber threats, offering forensic capabilities to locate and analyze digital data. However, past reports indicate its software has been used in questionable operations. In 2022, it was revealed that the U.S. Drug Enforcement Administration (DEA) used Graphite for counternarcotics operations. In 2023, the Center for Democracy and Technology (CDT) urged the U.S. Department of Homeland Security to disclose details about a $2 million contract with Paragon.
Meta’s Legal Victory Against NSO Group
WhatsApp’s disclosure comes just weeks after it won a landmark case against NSO Group. A California judge ruled in WhatsApp’s favor, holding NSO accountable for using the platform’s infrastructure to deploy Pegasus spyware on 1,400 devices in May 2019.
The revelations also coincided with the arrest of former Polish Justice Minister Zbigniew Ziobro, accused of authorizing Pegasus spyware to surveil opposition leaders. This latest incident further underscores the global threat posed by commercial spyware firms and the need for stronger regulations to hold them accountable.
