WhatsApp users in more than two dozen countries have been affected by a sophisticated spyware attack, with at least seven confirmed cases in Italy, prompting the government to launch an investigation. The spyware, linked to the Israeli surveillance company Paragon Solutions, was used to target journalists, activists, and civil society members, using a “zero-click” hack that does not require any user interaction.
Affected users in Italy
Meta Platforms, the parent company of WhatsApp, alerted the Italian National Cybersecurity Agency after it received reports that the spyware had been used against several individuals in Italy.
Among those affected were Luca Casarini, a well-known migrant rescue activist and co-founder of Mediterranea Saving Humans, and Francesco Cancellato, an investigative journalist. Casarini shared a WhatsApp alert he received from the messaging service, which informed him that his device had been compromised. The alert coincided with Meta’s announcement that Paragon Solutions had targeted roughly 90 users across more than two dozen countries.
In a statement, Prime Minister Giorgia Meloni’s office condemned the incident, calling it “particularly serious,” and confirmed that the National Cybersecurity Agency was investigating the matter. While Meloni’s office denied any involvement in the hacking attempt, it refrained from naming the victims, citing privacy concerns. The spyware, which has been found across multiple European Union countries, including Belgium, Spain, and Greece, is believed to have been used for surveillance on a global scale.
What is a ‘Zero-click’ spyware?
WhatsApp disclosed that Paragon Solutions, which it claims is a US-based company, had used a highly advanced technique to exploit the vulnerability in its platform. The spyware’s “zero-click” nature means that it can infiltrate a device without any action on the part of the target, making it especially difficult to detect. Meta issued a cease-and-desist letter to Paragon Solutions, demanding that the company halt its operations targeting WhatsApp users.
The spyware was part of a broader surveillance effort involving Paragon, a company that has previously been linked to selling spyware tools to government clients under the guise of countering crime and safeguarding national security. However, the use of such tools against journalists, activists, and other figures of civil society raises serious ethical concerns.
Casarini, who has faced criticism from anti-migrant groups in Italy for his humanitarian work, expressed his shock and anger at the intrusion, calling it a “violation of democracy.” Cancellato, the journalist, said he was also “shocked” by the breach, but vowed to reserve judgment on who was behind the hack until his newspaper conducted its own investigation.
Citizen Lab, a Canadian-based watchdog group, has been referred to as part of WhatsApp’s response, and the company has vowed to continue its efforts to protect the privacy of its users. Researchers have warned that the proliferation of commercial spyware is becoming an increasing threat to privacy and freedom of speech, particularly as mercenary spyware companies like Paragon Solutions continue to operate without sufficient oversight.
(With inputs from Reuters)
