A new investigative report from The Citizen Lab reveals that six governments - Australia, Canada, Cyprus, Denmark, Israel, and Singapore - are suspected of using sophisticated spyware developed by Israeli firm Paragon Solutions.
The spyware, known as Graphite, can extract sensitive data from instant messaging applications on targeted devices. The Citizen Lab identified these governments through analysis of server infrastructure linked to the surveillance tool.
This revelation follows WhatsApp's December 2024 announcement that approximately 90 journalists and civil society members were targeted by Graphite attacks. The targets spanned over 25 countries, with heavy concentration in European nations including Belgium, Greece, Latvia, Lithuania, Austria, Cyprus, Czech Republic, Denmark, Germany, the Netherlands, Portugal, Spain, and Sweden.
The attack method involved adding targets to WhatsApp groups and sending PDF documents that exploited a zero-day vulnerability. Once triggered, the spyware could breach Android's security sandbox to compromise other applications.
Researchers discovered a forensic indicator called BIGPRETZEL that appears unique to Graphite infections. Additionally, evidence emerged of an iPhone belonging to the founder of Refugees in Libya being targeted in June 2024, prompting Apple to patch the vulnerability in iOS 18.
According to Apple, these mercenary spyware attacks are highly sophisticated operations costing millions to develop. They typically target specific individuals based on their identity or activities.
Paragon Solutions, established in 2019 by Ehud Barak and Ehud Schneorson, continues to face scrutiny over its surveillance technology. WhatsApp maintains its commitment to protecting user privacy and calls for greater accountability from spyware companies engaged in unlawful activities.