The Italian government has revealed in a statement that a spyware campaign using tools from Paragon Solutions was being carried out. The situation was alerted by WhatsApp, the platform used for the attacks. The Paragon spyware-based attack was reportedly targeting victims in dozens of countries across Europe.
Dozens of citizens across Europe targeted by Paragon spyware-based attack
A hacker group of as yet unknown origin has been targeting victims in multiple countries, the Italian government statement says. Seven Italians have already fallen victim to the campaign, in addition to citizens in other countries. Italy’s Agenzia per la Cybersicurezza Nazionale (ANC) is currently conducting an investigation into the situation. However, there are no details yet that the cybersecurity agency can provide.
Due to the known targets of the attacks, some pointed to the Italian government as the potential origin. The list of victims includes Francesco Cancellato, a journalist who has written about Giorgia Meloni’s party, Italy’s Prime Minister, Luca Casarini, an immigration advocate, and a Libyan activist critical of Italy based in Sweden. However, the government statement “excludes” allegations that journalists and others have been “subjected to control by the intelligence, and therefore by the Government.”
Advant, a law firm representing WhatsApp, confirmed to the Italian government that seven Italian citizens were targeted by the attack. WhatsApp did not publicly disclose the identities of all those affected. The company cited security and privacy concerns for doing so. The Italian government statement says that instances of the attack have been detected targeting phone numbers in Belgium, Greece, Latvia, Lithuania, Austria, Cyprus, the Czech Republic, Denmark, Germany, the Netherlands, Portugal, Spain, and Sweden.
What is Paragon?
Paragon Solutions is a company that provides surveillance technology to government agencies. The United States and unspecified “allies” are among the firm’s clients. However, Paragon claims it has a “zero-tolerance policy” against targeting journalists. The terms and conditions of use of its tools “requires that all users agree to terms and conditions that explicitly prohibit the illicit targeting of journalists and other civil society figures.”
The Paragon spyware-based attack on users in Europe was carried out through the distribution of an infected PDF file. That said, WhatsApp says it has already taken action and closed the attack avenues.
