WhatsApp says it disrupted a hacking campaign targeting journalists with Paragon spyware

WhatsApp said on Friday that it had disrupted a hacking campaign that targeted around 90 users, including journalists and members of civil society.
A WhatsApp spokesperson told TechCrunch that the campaign was linked to Paragon, an Israeli spyware maker that was acquired in December of last year by American private equity giant AE Industrial.
“We’ve reached out directly to people who we believe were affected. This is the latest example of why spyware companies must be held accountable for their unlawful actions. WhatsApp will continue to protect people’s ability to communicate privately,” WhatsApp spokesperson Zade Alsawah told TechCrunch.
WhatsApp said that the hacking campaign used malicious PDFs sent via WhatsApp groups to compromise targets and said it had pushed a fix to prevent this mechanism.
John Scott-Railton, a senior researcher at Citizen Lab who has for years investigated spyware companies and their abuses, told TechCrunch that they have also observed this hacking campaign by Paragon using this specific attack vector and that they are investigating it.
WhatsApp told TechCrunch that it believed the hacking campaign happened in December, and that it sent a cease and desist letter to Paragon.
Contact Us
Do you have more information about Paragon, and this spyware campaign? From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email. You also can contact TechCrunch via SecureDrop.
Idan Nurick, the CEO of Paragon, did not respond to a request for comment sent via LinkedIn. AE Industrial did not respond to a request for comment.
This is the first time that Paragon has been publicly linked to a hacking campaign that allegedly targeted journalists and members of civil society. Ever since its founding in 2019, Paragon has been able to keep a low profile and avoid getting ensnared in scandals like other spyware makers such as Intellexa and NSO Group, which have both been sanctioned by the U.S. government.
Paragon, through its U.S. subsidiary, signed a contract with the U.S. Immigration and Customs Enforcement in September, as Wired revealed last year. The New Yorker cited a Paragon source as saying the contract came after a vetting process whereby the company demonstrated its technology had controls to prevent customers abroad from targeting U.S. residents.
At this point, it’s unclear who the targets of this spyware campaign revealed by WhatsApp are.
Natalia Krapiva, the senior tech-legal counsel at Access Now, a digital rights organization that investigates spyware abuses, celebrated the actions taken by WhatsApp.
“For some time Paragon has had the reputation of a ‘better’ spyware company not implicated in obvious abuses, but WhatsApp’s recent revelations suggest otherwise,” Krapiva told TechCrunch. “This is not just a question of some bad apples — these types of abuses are a feature of the commercial spyware industry.”