WhatsApp Disrupts Spyware Hack Targeting Journalists

WhatsApp Disrupts Hacking Campaign Targeting Journalists and Activists

WhatsApp announced on Friday the disruption of a hacking operation that impacted approximately 90 individuals. These included journalists and individuals involved in civil society organizations.

Campaign Linked to Israeli Spyware Firm

According to a statement given to TechCrunch by a WhatsApp spokesperson, the campaign has been attributed to Paragon, an Israeli developer of spyware. Paragon was acquired last December by AE Industrial Partners, a U.S.-based private equity firm.

Zade Alsawah, a WhatsApp spokesperson, emphasized the need for accountability within the spyware industry. He stated, “We’ve reached out directly to people who we believe were affected. WhatsApp will continue to protect people’s ability to communicate privately.” This incident underscores the importance of holding spyware companies responsible for illicit activities.

Details of the Attack

The hacking campaign utilized malicious PDF files distributed through WhatsApp groups to compromise the targeted individuals. A security patch has since been implemented by WhatsApp to prevent exploitation of this specific method.

Importantly, the company clarified that no action was required from the targets to fall victim to the hack. The compromise occurred without any user interaction.

Independent Verification

John Scott-Railton, a senior researcher at The Citizen Lab, confirmed observing the same hacking campaign utilizing the described attack vector. His team is currently conducting a thorough investigation.

WhatsApp indicated that the hacking activity occurred in December and that a cease and desist letter was issued to Paragon following its discovery.

Lack of Response from Paragon and AE Industrial

Requests for comment sent to Idan Nurick, the CEO of Paragon, via LinkedIn, went unanswered. Similarly, AE Industrial Partners did not respond to inquiries.

Paragon's Previous Low Profile

This marks the first instance of Paragon being publicly connected to a hacking campaign targeting journalists and civil society members. Since its establishment in 2019, Paragon had largely maintained a low profile, avoiding the controversies that have plagued other spyware vendors like Intellexa and NSO Group.

Both Intellexa and NSO Group have faced scrutiny from the U.S. government, with Intellexa and its founders being sanctioned and NSO Group being added to a blocklist.

U.S. Government Contract

Paragon, through its U.S. subsidiary, secured a contract with U.S. Immigration and Customs Enforcement in September, as previously reported by Wired. A source cited by The New Yorker stated that the contract was awarded after Paragon demonstrated safeguards to prevent targeting of U.S. residents by foreign clients.

Geographic Scope of Targets

The identities of those targeted in this spyware campaign remain unclear. WhatsApp reported that the victims were located in more than two dozen countries, including several within Europe.

Digital Rights Organization Responds

Natalia Krapiva, senior tech-legal counsel at Access Now, a digital rights organization focused on spyware abuses, praised WhatsApp’s response.

“For some time Paragon has had the reputation of a ‘better’ spyware company not implicated in obvious abuses, but WhatsApp’s recent revelations suggest otherwise,” Krapiva explained to TechCrunch. “This is not just a question of some bad apples — these types of abuses are a feature of the commercial spyware industry.”

Paragon's Stated Mission

According to its official website, Paragon states its mission is to “provide our customers with ethically based tools, teams, and insights to disrupt intractable threats.”

This article has been updated to include additional information provided by WhatsApp.