WhatsApp said on Friday that it had disrupted a hacking campaign that targeted around 90 users, including journalists and members of civil society.
A WhatsApp spokesperson told TechCrunch that the campaign was linked to Paragon, an Israeli spyware maker that was acquired in December of last year by American private equity giant AE Industrial Partners.
“We’ve reached out directly to people who we believe were affected. This is the latest example of why spyware companies must be held accountable for their unlawful actions. WhatsApp will continue to protect people’s ability to communicate privately,” WhatsApp spokesperson Zade Alsawah told TechCrunch.
WhatsApp said that the hacking campaign used malicious PDFs sent via WhatsApp groups to compromise targets and said it had pushed a fix to prevent this mechanism.
John Scott-Railton, a senior researcher at The Citizen Lab who has for years investigated spyware companies and their abuses, told TechCrunch that they also have observed this hacking campaign by Paragon using this specific attack vector and that they are investigating it.
WhatsApp told TechCrunch that it believed the hacking campaign happened in December, and that it sent a cease and desist letter to Paragon.
Contact Us
Do you have more information about Paragon, and this spyware campaign? From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email. You also can contact TechCrunch via SecureDrop.
Idan Nurick, the CEO of Paragon, did not respond to a request for comment sent via LinkedIn. AE Industrial did not respond to a request for comment.
This is the first time that Paragon has been publicly linked to a hacking campaign that allegedly targeted journalists and members of civil society. Ever since its founding in 2019, Paragon has been able to keep a low profile and avoid getting ensnared in scandals like other spyware makers such as Intellexa and NSO Group, which have both been the target of the U.S. government, with Intellexa and its founders being sanctioned and NSO Group being put on a blocklist.
Paragon, through its U.S. subsidiary, signed a contract with the U.S. Immigration and Customs Enforcement in September, as Wired revealed last year. The New Yorker cited a Paragon source as saying the contract came after a vetting process whereby the company demonstrated its technology had controls to prevent customers abroad from targeting U.S. residents.
At this point, it’s unclear who are targets of this spyware campaign revealed by WhatsApp.
Natalia Krapiva, the senior tech-legal counsel at Access Now, a digital rights organization that investigates spyware abuses, celebrated the actions taken by WhatsApp.
“For some time Paragon has had the reputation of a ‘better’ spyware company not implicated in obvious abuses, but WhatsApp’s recent revelations suggest otherwise,” Krapiva told TechCrunch. “This is not just a question of some bad apples — these types of abuses are a feature of the commercial spyware industry.”
On its official website, Paragon says it “provides our customers with ethically based tools, teams, and insights to disrupt intractable threats.”
