Purported Graphite Spyware Linked to Paragon Solutions Allegedly Deployed Against Journalists and Civil Society Workers

Paragon Solutions, an Israeli spyware company founded in 2019 by former Prime Minister Ehud Barak and former IDF Unit 8200 commander Ehud Schneorson, developed surveillance software called Graphite that was used to target journalists and civil society members through WhatsApp. The spyware exploited a zero-click vulnerability in WhatsApp, allowing attackers to add targets to WhatsApp groups and send malicious PDF files that automatically infected devices without user interaction. WhatsApp discovered and patched this vulnerability in December 2024 and subsequently notified approximately 90 users across 24 countries that they had been targeted. Among the confirmed victims were Italian journalist Francesco Cancellato, Mediterranea Saving Humans founders Luca Casarini and Dr Giuseppe Caccia, and activist David Yambio who works with Libyan migrants. The University of Toronto's Citizen Lab identified suspected Paragon deployments in Australia, Canada, Cyprus, Denmark, Israel, and Singapore, with potential links to the Ontario Provincial Police. Graphite operates by latching onto existing messaging apps rather than loading as a hidden process, making it harder to detect while providing operators complete access to encrypted communications. The Italian government initially denied involvement but Paragon reportedly terminated its contract with Italy after determining the country had breached terms prohibiting surveillance of journalists and civil society members.