Meta-owned messaging service WhatsApp has accused Israeli spyware firm Paragon Solutions of targeting around 90 users, including journalists and civil society members, in a covert surveillance operation. A WhatsApp official told Reuters that the company had sent Paragon Solutions a cease-and-desist letter following the alleged attack.
According to the WhatsApp official, the company detected a hacking attempt affecting individuals in more than two dozen countries. The official did not disclose specific names but confirmed that targeted individuals were spread across multiple regions, including Europe. The company referred affected users to Citizen Lab, a Canadian cybersecurity research group that has previously investigated commercial spyware operations.
Surveillance campaign identified
The attack involved a “zero-click” exploit, a method that does not require any user interaction for a device to be compromised. WhatsApp said that it had since disrupted the campaign and alerted law enforcement and industry partners, though it did not provide details on how it linked the attack to Paragon Solutions.
In response to the alleged hacking, WhatsApp stated that it remains committed to protecting user privacy. The company stated that it will continue to protect people’s ability to communicate privately. WhatsApp also told The Guardian that it had “high confidence” that the affected users had been targeted and “possibly compromised.” The company is in the process of notifying them directly.
Paragon Solutions declined to comment on the allegations. The company, which develops spyware for government clients, has positioned itself as a provider of lawful surveillance tools. Reports indicate that it only sells to governments in what it describes as stable democratic countries.
The Israeli company has faced scrutiny in recent months. In October 2024, Wired reported that the company had signed a $2m contract with the US Immigration and Customs Enforcement’s (ICE) Homeland Security Investigations division. However, the agency later issued a stop-work order to ensure compliance with a US executive order restricting spyware use. The executive order, issued in 2023, prohibits the use of spyware deemed a national security risk. The restriction remains in place despite changes in US administration policies.
Paragon Solutions was recently acquired by AE Industrial Partners, a Florida-based private equity firm, in a deal reportedly valued at $900m. The sale has not yet received full regulatory approval from Israel’s Ministry of Defence, which oversees the export of cyberweapons such as Paragon Solutions’ Graphite spyware. Graphite is said to operate similarly to NSO Group’s Pegasus software, allowing full access to infected devices, including encrypted messages sent via apps like WhatsApp and Signal.
WhatsApp said that the hacking campaign was disrupted in December 2024, but the duration of the surveillance remains unclear. The company is notifying affected users while exploring legal options against Paragon Solutions.
Read more: Apple warns users in 92 countries that they are targets for “mercenary spyware attack”
