Paragon Spyware Exploited WhatsApp Zero-day Vulnerability to Attack High-value Targets
- Source: Zero-Day (cybersecuritynews.com)
Author: Guru Baran
Researchers have uncovered extensive evidence linking Israeli firm Paragon Solutions to a sophisticated spyware operation that exploited a zero-day vulnerability in WhatsApp to target journalists and civil society members.
Following the investigation, WhatsApp notified approximately 90 potential victims and confirmed the attack was mitigated.
Established in Israel in 2019, Paragon Solutions was founded by notable figures, including former Israeli Prime Minister Ehud Barak and Ehud Schneorson, former commander of Israel’s Unit 8200 intelligence unit.
The company markets its Graphite spyware as a more targeted tool that accesses messaging applications rather than taking “complete control” of devices like NSO Group’s notorious Pegasus spyware.
A senior Paragon executive previously claimed the company would only sell to governments that “abide by international norms and respect fundamental rights and freedoms.”
Citizen Lab’s investigation started from a tip about distinctive server infrastructure. Using unique fingerprinting techniques, the researchers identified approximately 150 certificates linked to Paragon’s command and control servers.

The investigation revealed suspected Paragon deployments across multiple countries, including Australia, Canada, Cyprus, Denmark, Israel, and Singapore.
The investigation surfaced potential links between Paragon and the Ontario Provincial Police (OPP) in Canada.
Researchers found suspicious IP address registrations under the name “Integrated Communications,” with one registration matching the OPP’s General Headquarters address.
This discovery aligns with previous reports of Canadian law enforcement agencies expanding their use of spyware technologies without adequate public oversight.
WhatsApp Zero-Click Exploit
The attack involved sending malicious PDF files to targets via WhatsApp group chats. When received, the victim’s device would automatically process the PDF, exploiting the vulnerability to load the Graphite spyware implant into WhatsApp without any user interaction.
- Approximately 90 users across over two dozen countries were targeted, including journalists and civil society members.
- The spyware was able to escape the Android sandbox and compromise other apps on targeted devices.
- It provided attackers access to the victims’ messaging applications.
- WhatsApp discovered and mitigated the exploit in December 2024.
- The vulnerability was patched without requiring a client-side update, suggesting it was fixed server-side.
- No CVE identifier was assigned to this vulnerability.

Researchers shared their infrastructure analysis with Meta, which proved “pivotal” to the company’s ongoing Paragon investigation.
This collaboration helped WhatsApp identify, mitigate, and attribute a zero-click exploit actively deployed against targets.
On January 31, 2025, WhatsApp notified approximately 90 accounts believed to have been targeted by Paragon’s spyware. Multiple WhatsApp notification recipients in Italy consented to forensic analysis of their devices.
The investigation confirmed the presence of a unique forensic artifact dubbed “BIGPRETZEL” on multiple devices, which WhatsApp confirmed is associated with Paragon infections.
The victims included Francesco Cancellato, editor-in-chief of Fanpage.it, and multiple members of Mediterranea Saving Humans, an organization that rescues migrants in the Mediterranean Sea.
Related iPhone Targeting and Italian Government Response
A related case involved David Yambio, founder of Refugees in Libya, who received an Apple notification about spyware targeting in November 2024.
Forensic analysis revealed an attempt to infect his iPhone with novel spyware in June 2024, which Apple confirmed they patched in iOS 18.
After initial denials, the Italian government eventually confirmed it was a Paragon customer, though officials denied targeting journalists and activists.
The government later announced a suspension of Paragon deployments pending investigation.
This case challenges Paragon’s claims of having developed an abuse-proof business model, demonstrating that commercial spyware, even when sold to democratic governments, remains vulnerable to misuse against legitimate civil society actors.