Paragon Spyware Allegedly Used by Six Governments to Monitor Targets

A new report from The Citizen Lab suggests that the governments of Australia, Canada, Cyprus, Denmark, Israel, and Singapore may be using spyware developed by Israeli firm Paragon Solutions. Founded in 2019 by Ehud Barak and Ehud Schneorson, Paragon is behind Graphite, a surveillance tool designed to extract sensitive data from instant messaging applications.

Researchers linked these governments to suspected Graphite activity by analyzing associated server infrastructure. This revelation follows WhatsApp’s December 2024 disruption of attacks involving spyware, which targeted around 90 journalists and civil society members across more than 24 countries, including several in Europe.

The attack method involved adding targets to a WhatsApp group and sending a malicious PDF that exploited a now-patched zero-day vulnerability to deploy Graphite. The spyware then attempted to escape Android’s security sandbox to access other apps. A forensic artifact, dubbed BIGPRETZEL, has been identified as a potential marker of Graphite infections.

Additionally, evidence suggests an iPhone belonging to the founder of Refugees in Libya was compromised in June 2024. Apple has since patched the exploit in iOS 18, emphasizing the high cost and sophistication of mercenary spyware attacks and their targeted nature.