Latest news with #spyware


Reuters
a day ago
- Politics
- Reuters
Alleged Italian phone hacking involves political gossip website, sources say
ROME, June 19 (Reuters) - Italian prosecutors are looking into the alleged hacking of seven phones, including that of the head of political gossip website Dagospia, sources said, as part of a surveillance scandal involving the technology of spyware company Paragon. The probe follows reports on the alleged spying on two investigative journalists, which have triggered opposition protests and the termination of contracts between Italy and U.S.-owned Paragon. Prime Minister Giorgia Meloni's administration has denied involvement in illicit activities. Prosecutors in Rome and Naples are investigating the crime of unauthorized access into the phones, sources with knowledge of the matter said on Thursday, adding that Dagospia founder Roberto D'Agostino was among seven journalists and activists who were allegedly spied on. D'Agostino, whose website Dagospia produces salacious gossip with political behind-the-scenes stories and is a daily must-read for many Italian reporters, was not immediately available for comment. Dagospia, however, reported on the news involving its founder, republishing reports about the investigations from other media outlets under the headline: "Dagospia ends up being spied upon! The illegal wiretaps scandal gets bigger." As part of their investigation, prosecutors are also looking into the alleged hacking of the phones of investigative reporters, Ciro Pellegrino and Francesco Cancellato, both from the Fanpage website, the sources said. Italy's domestic and foreign intelligence agencies activated contracts with Paragon in 2023 and 2024, respectively, and used it on a limited number of people with permission from a prosecutor, a report by the parliamentary committee on security, COPASIR, said. The foreign intelligence agencies used the spyware to search for fugitives, to counter illegal immigration, alleged terrorism, organised crime, fuel smuggling and for counter-espionage and internal security activities, COPASIR said. 
The committee said it found no evidence that Italian intelligence services used Paragon spyware on Cancellato. Separately, internet watchdog group Citizen Lab said it found evidence of spying on Pellegrino's phone. Former Prime Minister Matteo Renzi, leader of a small opposition party, called for clarity on Thursday over the hacking case, adding that one does not spy on journalists in democracies.


Phone Arena
5 days ago
- Phone Arena
This iPhone hack needed zero clicks – and it spied on journalists
Recently, Apple patched a critical iPhone zero-day vulnerability. Reportedly, this vulnerability was quietly exploited, targeting journalists. Citizen Lab discovered the vulnerability. Basically, it allowed for Paragon's Graphite spyware to infiltrate iPhones via iMessage. The issue has been addressed in iOS 18.3.1. Back in April 2025, Apple notified a select group of iOS users (including two prominent journalists) that their devices had been targeted by spyware. Citizen Lab, which is a cybersecurity research group, confirmed the suspicions using forensic analysis. The investigation reportedly showed that a European journalist and an Italian journalist were targeted by surveillance firm Paragon. The spyware was reportedly installed via a zero-click attack in iMessage. A "zero-click" attack basically requires no action to be taken by the victim. The malicious user sends a specific malicious message and it compromises the device. Luckily, Apple has patched this vulnerability with iOS 18.3.1. Meanwhile, as Citizen Lab continued its analysis, it found that the exploited vulnerability was related to how iOS processed photos and videos sent via iCloud links. Another journalist has also been notified by Apple in January of this year about being targeted with Paragon's spyware. This could mean a broader pattern of attacks against journalists. So far, it seems only these specific people were targeted, and the vulnerability has been fixed by Apple already, so you generally have nothing to worry about. However, this incident clearly underlines the continuing fight between malicious users and device makers. Apple is generally known for its privacy and security-centric approach, but even Apple can fall prey to the creativity and maliciousness of hackers. It's basically a cat-and-mouse game between device makers and hackers, and it's been like this since tech existed, pretty much.
Although we as users can't do much in the grand scheme of things, it's important to update your device in a timely manner. When a security vulnerability has been discovered, usually companies release patches and updates to iron it out, so don't postpone or delay these when you see them waiting to be installed on your device.


Forbes
13-06-2025
- Forbes
New iPhone Spyware Warning — Act Now To Prevent Attacks
A new warning has been issued to Apple iPhone users by researchers after they found forensic evidence that Paragon Graphite spyware has taken over targets' devices. Cybersecurity researchers at Citizen Lab — which is known to discover and report vulnerabilities such as spyware — found spyware made by Israeli firm Paragon targeting iPhones. It comes after the Italian government admitted using spyware to target civil society. Apple initially issued an alert on the new spyware targeting a number of iOS users including journalists on April 29. Among the group were two journalists that consented for the technical analysis of their cases, Citizen Lab's Bill Marczak and John Scott-Railton wrote in their analysis. After investigating the devices of a prominent European journalist (who requests anonymity), and Italian journalist Ciro Pellegrino, Citizen Lab found forensic evidence confirming 'with high confidence that both were targeted with Paragon's Graphite mercenary spyware.' Citizen Lab found evidence linking both cases to the same Paragon operator. The attacker deployed Paragon's Graphite spyware using 'a sophisticated iMessage zero-click attack,' Citizen Lab said, adding: 'We believe that this infection would not have been visible to the target.' The iPhone flaw, tracked as CVE-2025-43200, was patched in iOS 18.3.1. Spyware is so dangerous because it provides adversaries complete access to your iPhone, including your microphone, camera, email and messages — even those sent via encrypted apps such as WhatsApp or Signal. Worse, spyware is often deployed via so-called 'zero-click attacks' that require no user interaction, taking advantage of vulnerabilities in the iOS operating system. This means the malware can be delivered via an image sent via iMessage or WhatsApp — and you don't need to open it to become a victim.
The fact that Graphite was delivered through a zero-click exploit reflects a growing pattern where 'sophisticated spyware uses zero-day vulnerabilities to silently compromise devices,' says Adam Boynton, senior security strategy manager EMEIA at cybersecurity outfit Jamf. What makes Graphite especially dangerous is its ability to operate covertly in memory, often leaving minimal artefacts on disk, says Boynton. It is capable of creating system-level impersonations — for example, registering hidden iMessage accounts or spoofing security features — to conceal its presence from both the user and standard detection tools. 'These tactics make traditional mobile security models insufficient on their own,' says Boynton. The new spyware warning is certainly scary, but at the same time, Apple's security architecture remains 'among the strongest in the industry,' says Boynton. He points to the iPhone maker's Lockdown Mode, which reduces the functionality of your iPhone but helps protect it from spyware. Spyware is extremely targeted, as can be seen from Citizen Lab's analysis, which focused on journalists' iPhones. Other groups vulnerable to the malware include dissidents, political figures and business users operating in certain sectors. In order to help prevent being targeted, Boynton emphasises the importance of keeping iPhones up to date. He also suggests enabling Lockdown Mode on Apple devices if you are in a sensitive or high-risk role. Another way of disrupting spyware is to turn your iPhone off and on again. But it's not a permanent solution and if you do suspect the malware is on your device, contact an organization such as Amnesty or Access Now for help. As researchers reveal more details about the dangers of the Graphite spyware, it is important that you update your iPhone now to the latest software, currently iOS 18.5. Even if you are not a target, upgrading will protect you from a number of flaws that could compromise your iPhone's security.


TechCrunch
12-06-2025
- TechCrunch
Apple fixes new iPhone zero-day bug used in Paragon spyware hacks
Researchers revealed on Thursday that two European journalists had their iPhones hacked with spyware made by Paragon. Apple now says it has fixed the bug that was used to hack their phones. Citizen Lab wrote in its report, shared with TechCrunch ahead of its publication, that Apple had told its researchers that the flaw exploited in the attacks had been 'mitigated in iOS 18.3.1,' a software update for iPhones released on February 10. Until this week, the advisory of that security update only mentioned one unrelated flaw, which allowed attackers to disable an iPhone security mechanism that makes it harder to unlock phones. On Thursday, however, Apple updated its February 10 advisory to include details about a new flaw, which was also fixed at the time, but not publicized. 'A logic issue existed when processing a maliciously crafted photo or video shared via an iCloud Link. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals,' reads the now-updated advisory. In the final version of its report published Thursday, Citizen Lab confirmed this is the flaw used against Italian journalist Ciro Pellegrino and an unnamed 'prominent' European journalist. It's unclear why Apple did not disclose the existence of this patched flaw until four months after the release of the iOS update, and an Apple spokesperson did not respond to a request for comment seeking clarity.
The Paragon spyware scandal began in January, when WhatsApp notified around 90 of its users, including journalists and human rights activists, that they had been targeted with spyware made by Paragon, dubbed Graphite. Then, at the end of April, several iPhone users received a notification from Apple alerting them that they had been the targets of mercenary spyware. The alert did not mention the spyware company behind the hacking campaign. On Thursday, Citizen Lab published its findings confirming that two journalists who had received that Apple notification were hacked with Paragon's spyware. It's unclear if all the Apple users who received the notification were also targeted with Graphite. The Apple alert said that 'today's notification is being sent to affected users in 100 countries.'


The Independent
12-06-2025
- Business
- The Independent
US-backed Israeli company's spyware used to target European journalists, Citizen Lab finds
Spyware from a U.S.-backed Israeli company was used to target the phones of at least three prominent journalists in Europe, two of whom are editors at an investigative news site in Italy, according to digital researchers at Citizen Lab, citing new forensic evidence of the attacks. The findings come amid growing questions about what role the government of Italian Prime Minister Giorgia Meloni may have played in spying on journalists and civil society activists critical of her leadership, and raised new concerns about the potential for abuse of commercial spyware, even in democratic countries. 'Any attempts to illegally access data of citizens, including journalists and political opponents, is unacceptable, if confirmed,' the European Commission said in a statement Wednesday in response to questions from members of parliament. 'The Commission will use all the tools at its disposal to ensure the effective application of EU law.' Meloni's office declined to comment Thursday, but a prominent member of her Cabinet has said that Italy 'rigorously respected' the law and that the government hadn't illegally spied on journalists.

Mercenary spyware industry

The company behind the hacks, Paragon Solutions, has sought to position itself as a virtuous player in the mercenary spyware industry and won U.S. government contracts, The Associated Press found. Backed by former Israeli Prime Minister Ehud Barak, Paragon was reportedly acquired by AE Industrial Partners, a private investment firm based in Florida, in a December deal worth at least $500 million, pending regulatory approvals. AE Industrial Partners didn't directly respond to requests for comment on the deal. Paragon's spyware, Graphite, was used to target around 90 WhatsApp users from more than two dozen countries, primarily in Europe, Meta said in January. Since then, there's been a scramble to figure out who was hacked and who was responsible.
'We've seen first-hand how commercial spyware can be weaponized to target journalists and civil society, and these companies must be held accountable,' a spokesperson for WhatsApp told AP in an email. 'WhatsApp will continue to protect peoples' ability to communicate privately.' Meta said the vulnerability has been patched and they have not detected subsequent attacks. Meta also sent a cease-and-desist letter to Paragon. Last month, a California court awarded Meta $168 million in damages from Israel's NSO Group, whose spyware was used to hack 1,400 WhatsApp accounts, including of journalists, activists and government officials.

Journalists targeted

The Citizen Lab's findings, released today, show that the use of spyware against journalists has continued, despite the backlash against NSO Group, and establish for the first time that Paragon was able to successfully infect Apple devices. Ciro Pellegrino, who heads the Naples newsroom of an investigative news outlet called Fanpage, received a notice on April 29 that his iPhone had been targeted. Last year, Fanpage secretly infiltrated the youth wing of Meloni's Brothers of Italy party and filmed some of them making fascist and racist remarks. Pellegrino's colleague, Fanpage editor-in-chief Francesco Cancellato, also received a notice from Meta that his Android device had been targeted by Paragon spyware, though forensic evidence that his phone was actually infected with Graphite hasn't yet surfaced, according to Citizen Lab. The Citizen Lab's report today also revealed a third case, of a 'prominent European journalist,' who asked to remain anonymous, but is connected to the Italian cluster by forensic evidence unearthed by researchers at the laboratory, which is run out of the Munk School at the University of Toronto. The Citizen Lab, which has analyzed all the devices, said the attack came via iMessage, and that Apple has patched the vulnerability. Apple did not respond immediately to requests for comment.
'Paragon is now mired in exactly the kind of abuse scandal that NSO Group is notorious for,' said John Scott-Railton, a senior researcher at the Citizen Lab. 'This shows the industry and its way of doing business is the problem. It's not just a few bad apples.'

Stealthy spyware

Paragon's spyware is especially stealthy because it can compromise a device without any action from the user. Similar to the NSO Group's notorious Pegasus spyware, which has been blacklisted by the U.S. government, Graphite allows the operator to covertly access applications, including encrypted messengers like Signal and WhatsApp. 'There's no link to click, attachment to download, file to open or mistake to make,' Scott-Railton said. 'One moment the phone is yours, and the next minute its data is streaming to an attacker.'

Parliamentary oversight

COPASIR, the parliamentary committee overseeing the Italian secret services, took the rare step last week of making public the results of its investigation into the government's use of Paragon. The COPASIR report said that Italian intelligence services hadn't spied on Cancellato, the editor of Fanpage. The report did confirm the surveillance, with tools including Graphite, of civil society activists, but said they had been targeted legally and with government authorization — not as activists but over their work related to irregular immigration and national security. Giovanni Donzelli, vice president of COPASIR and a prominent member of Meloni's Brothers of Italy party, declined further comment Thursday, saying the parliamentary report was 'more relevant than an analysis done by a privately funded Canadian laboratory.' Citizen Lab says it's 'rigorously independent,' and doesn't accept research funding from governments or companies. Italy and Paragon both say they've terminated their relationship, but offer starkly different versions of the breakup.
Paragon referred questions to a statement it gave to Israeli newspaper Haaretz, in which the company said that it stopped providing spyware to Italy after the government declined its offer to help investigate Cancellato's case. Italian authorities, however, said they had rejected Paragon's offer over national security concerns and ended the relationship following media outcry.

U.S. contracts

Paragon has been keen to deflect reputational damage that could, in theory, impact its contracts with the U.S. government. A 2023 executive order, which so far hasn't been overturned by U.S. President Donald Trump, prohibits federal government departments and agencies from acquiring commercial spyware that has been misused by foreign governments, including to limit freedom of expression and political dissent. The U.S. Department of Homeland Security awarded Paragon a one-year, $2 million contract last September for operations and support of U.S. Immigration and Customs Enforcement, public records show. The U.S. Drug Enforcement Administration has also reportedly used the spyware. In December 2022, Adam Schiff, the California Democrat who at the time chaired the House Intelligence Committee, wrote to the administrator of the U.S. Drug Enforcement Administration questioning whether the DEA's use of Graphite spyware undermined efforts to deter the 'broad proliferation of powerful surveillance capabilities to autocratic regimes and others who may misuse them.'

Byron Tau in Washington, and Lorne Cook in Brussels, contributed to this report.