Nearly 100 journalists and other members of civil society using WhatsApp, the popular messaging app owned by Meta, were targeted by spyware owned by Paragon Solutions, an Israeli maker of hacking software, the company alleged today.
The journalists and other civil society members were being alerted of a possible breach of their devices, with WhatsApp telling the Guardian it had “high confidence” that the users in question had been targeted and “possibly compromised”.
Experts said the targeting was a “zero-click” attack, which means targets would not have had to click on any malicious links to be infected.
WhatsApp declined to disclose where the journalists and members of civil society were based, including whether they were based in the US.
Paragon has a US office in Chantilly, Virginia. The company has faced recent scrutiny after Wired magazine in October reported that it had entered into a $2m contract with the US Immigration and Customs Enforcement’s homeland security investigations division.
The division reportedly issued a stop-work order for the contract to verify whether it complied with a Biden administration executive order that restricted the use of spyware by the federal government.
WhatsApp said it had sent Paragon a “cease and desist” letter and that it was exploring its legal options. WhatsApp said the alleged attacks had been disrupted in December and that it was not clear how long the targets may have been under threat.
“WhatsApp has disrupted a spyware campaign by Paragon that targeted a number of users including journalists and members of civil society. We’ve reached out directly to people who we believe were affected. This is the latest example of why spyware companies must be held accountable for their unlawful actions. WhatsApp will continue to protect people’s ability to communicate privately,” a company spokesperson said.
The Guardian reached out to Paragon Solutions for a comment but the company did not immediately respond.
Paragon’s spyware is known as Graphite and has capabilities that are comparable to NSO Group’s Pegasus spyware. Once a phone is infected with Graphite, the operator of the spyware has total access over the phone, including being able to read messages that are sent via encrypted applications like WhatsApp and Signal.
WhatsApp said it believed the so-called vector, or means by which the infection was delivered to users, was through a malicious pdf file that was sent to individuals who were added to group chats. WhatsApp said it could say with “confidence” that Paragon was linked to this targeting.
Have you been affected? If so please contact
[email protected]
#WhatsApp #journalists #civil #society #members #targets #Israeli #spyware #WhatsApp
