Graphite Spyware Exploits Apple iOS Zero-Click Vulnerability to Attack Journalists
- С сайта: Vulnerability(cybersecuritynews.com)
- Вернуться к списку новостей
С сайта: Vulnerability(cybersecuritynews.com)
The advanced Graphite mercenary spyware, developed by Paragon, targets journalists through a sophisticated zero-click vulnerability in Apple’s iOS.
At least three European journalists have been confirmed as targets, with two cases forensically verified.The spyware exploited a zero-day vulnerability in iOS that allowed attackers to compromise devices without any user interaction.
The attack leveraged a previously unknown vulnerability in iOS (CVE-2025-43200) that enabled the Graphite spyware to infiltrate devices through iMessage.
iOS Zero-Click Vulnerability (CVE-2025-43200) Exploited
Forensic analysis revealed that an iMessage account, referred to by researchers as “ATTACKER1,” was used to deploy the zero-click exploit against multiple targets.
The sophisticated nature of this attack meant victims had no way of detecting the infection, as it required no user interaction to execute.
%20Exploited.webp)
Apple iOS infections
Technical analysis of the compromised devices showed connections to a server with IP address 46.183.184[.]91, which researchers have linked to Paragon’s Graphite spyware infrastructure.
The server was hosted on VPS provider EDIS Global and continued matching Citizen Lab’s “Fingerprint P1” identifier until at least April 12, 2025.
Notably, Apple has confirmed the vulnerability was patched in iOS 18.3.1, but devices running earlier versions remained vulnerable through early 2025.
“The zero-click attack deployed here was mitigated as of iOS 18.3.1,” notes the Citizen Lab report, highlighting the critical importance of keeping devices updated against such sophisticated threats.
Targeted Journalists and News Organizations
Among the confirmed targets are a prominent European journalist who requested anonymity and Italian journalist Ciro Pellegrino, head of the Naples newsroom at Fanpage[.]it.
Both received notifications from Apple on April 29, 2025, alerting them to potential advanced spyware compromises. Subsequent forensic analysis confirmed the presence of Graphite spyware artifacts on their devices.
Francesco Cancellato, another journalist at Fanpage[.]it, was similarly notified by WhatsApp about being targeted with Paragon’s spyware.
The targeting of multiple journalists from the same news organization suggests a deliberate effort to compromise Fanpage.it’s operations.
Citizen Lab researchers noted, “The identification of a second journalist at Fanpage.it targeted with Paragon suggests an effort to target this news organization.”
The spyware could potentially access messages, location data, photos, and activate microphones and cameras without the victim’s knowledge, posing severe privacy and security risks to the journalists’ sources and work.
The Italian government’s parliamentary committee overseeing intelligence services (COPASIR) published a report on June 5, 2025, acknowledging the use of Paragon’s Graphite spyware against certain individuals, but denied knowledge of who targeted Cancellato.
This has raised serious questions about oversight and accountability in the use of mercenary spyware.
Paragon Solutions reportedly offered to assist in investigating the Cancellato case, an offer rejected by Italian authorities citing national security concerns.
The Department of Security Intelligence (DIS) stated that providing Paragon such access would damage Italy’s reputation among international security services.
This latest spyware campaign highlights the growing “spyware crisis” affecting journalists worldwide.
Researchers said that the lack of accountability available to these spyware targets highlights the extent to which journalists in Europe continue to be subjected to this highly invasive digital threat.
It is recommended that individuals who receive spyware warnings from Apple, Meta, WhatsApp, or Google take them seriously and seek expert assistance from organizations like Access Now’s Digital Security Helpline or Amnesty International’s Security Lab.
#Cyber_Security #Cyber_Security_News #Vulnerability #Vulnerability_News #cyber_security #cyber_security_news #vulnerability
Оригинальная версия на сайте:
Graphite Spyware Exploits Apple iOS Zero-Click Vulnerability to Attack Journalists
Author: Guru BaranThe advanced Graphite mercenary spyware, developed by Paragon, targets journalists through a sophisticated zero-click vulnerability in Apple’s iOS.
At least three European journalists have been confirmed as targets, with two cases forensically verified.The spyware exploited a zero-day vulnerability in iOS that allowed attackers to compromise devices without any user interaction.
The attack leveraged a previously unknown vulnerability in iOS (CVE-2025-43200) that enabled the Graphite spyware to infiltrate devices through iMessage.
iOS Zero-Click Vulnerability (CVE-2025-43200) Exploited
Forensic analysis revealed that an iMessage account, referred to by researchers as “ATTACKER1,” was used to deploy the zero-click exploit against multiple targets.
The sophisticated nature of this attack meant victims had no way of detecting the infection, as it required no user interaction to execute.
Apple iOS infectionsTechnical analysis of the compromised devices showed connections to a server with IP address 46.183.184[.]91, which researchers have linked to Paragon’s Graphite spyware infrastructure.
The server was hosted on VPS provider EDIS Global and continued matching Citizen Lab’s “Fingerprint P1” identifier until at least April 12, 2025.
Notably, Apple has confirmed the vulnerability was patched in iOS 18.3.1, but devices running earlier versions remained vulnerable through early 2025.
“The zero-click attack deployed here was mitigated as of iOS 18.3.1,” notes the Citizen Lab report, highlighting the critical importance of keeping devices updated against such sophisticated threats.
Targeted Journalists and News Organizations
Among the confirmed targets are a prominent European journalist who requested anonymity and Italian journalist Ciro Pellegrino, head of the Naples newsroom at Fanpage[.]it.
Both received notifications from Apple on April 29, 2025, alerting them to potential advanced spyware compromises. Subsequent forensic analysis confirmed the presence of Graphite spyware artifacts on their devices.
Francesco Cancellato, another journalist at Fanpage[.]it, was similarly notified by WhatsApp about being targeted with Paragon’s spyware.
The targeting of multiple journalists from the same news organization suggests a deliberate effort to compromise Fanpage.it’s operations.
Citizen Lab researchers noted, “The identification of a second journalist at Fanpage.it targeted with Paragon suggests an effort to target this news organization.”
The spyware could potentially access messages, location data, photos, and activate microphones and cameras without the victim’s knowledge, posing severe privacy and security risks to the journalists’ sources and work.
The Italian government’s parliamentary committee overseeing intelligence services (COPASIR) published a report on June 5, 2025, acknowledging the use of Paragon’s Graphite spyware against certain individuals, but denied knowledge of who targeted Cancellato.
This has raised serious questions about oversight and accountability in the use of mercenary spyware.
Paragon Solutions reportedly offered to assist in investigating the Cancellato case, an offer rejected by Italian authorities citing national security concerns.
The Department of Security Intelligence (DIS) stated that providing Paragon such access would damage Italy’s reputation among international security services.
This latest spyware campaign highlights the growing “spyware crisis” affecting journalists worldwide.
Researchers said that the lack of accountability available to these spyware targets highlights the extent to which journalists in Europe continue to be subjected to this highly invasive digital threat.
It is recommended that individuals who receive spyware warnings from Apple, Meta, WhatsApp, or Google take them seriously and seek expert assistance from organizations like Access Now’s Digital Security Helpline or Amnesty International’s Security Lab.
#Cyber_Security #Cyber_Security_News #Vulnerability #Vulnerability_News #cyber_security #cyber_security_news #vulnerability
Оригинальная версия на сайте:
