By WhatsApp has recently disclosed that approximately 90 journalists and civil society members across 20 countries were targeted by spyware developed by the Isr*eli company Paragon Solutions. The spyware, known as Graphite, was delivered through malicious PDF files sent to the victims, enabling unauthorized access to personal data. This campaign was halted in December 2024.
Graphite employs a “zero-click” attack method, meaning it can compromise devices without any interaction from the target. Once installed, it grants extensive access to the infected device, including the ability to read encrypted messages. While WhatsApp identified the individuals targeted, the entity that commissioned these attacks remains unknown. In response, WhatsApp has notified the affected users, issued a cease-and-desist letter to Paragon, and is considering legal action.
Paragon Solutions, which markets itself as a “cyber defense” firm offering ethical solutions for digital data analysis, was recently acquired by AE Industrial Partners. Despite its claims of ethical practices and selling only to stable democratic governments, this incident raises significant concerns about the misuse of commercial spyware and its impact on privacy and civil liberties.
This revelation underscores the ongoing challenges posed by sophisticated spyware tools and the importance of vigilance in protecting personal data. WhatsApp’s proactive measures highlight the need for accountability within the spyware industry to prevent future abuses.
