Particle.news
Download on the App Store
10 ARTICLES
·
5d ago

Citizen Lab Confirms Paragon Spyware Infections of Two European Journalists

New forensic findings deepen scrutiny of Italy's use of mercenary spyware following confirmation of journalist hacks by Paragon.

Italian investigative journalist Ciro Pellegrino poses for a picture at the offices of the online newspaper Fanpage.it, in Naples, Italy, June 11, 2025. REUTERS/Matteo Ciambelli
FILE - Giorgia Meloni attends a debate at the Senate in Rome, Oct. 26, 2022. (AP Photo/Andrew Medichini, file)
Italian investigative journalist Ciro Pellegrino shows his phone screen displaying a threat notification from Apple warning of a mercenary spyware attack, in Naples, Italy, June 11, 2025. REUTERS/Matteo Ciambelli
The malware alert appears on the screen of a smartphone in Reno, United States, on December 2, 2024. (Photo by Jaque Silva/NurPhoto via Getty Images)

Overview

  • Citizen Lab forensic analysis confirms that Paragon’s Graphite spyware infected the iPhones of two European journalists, including Italian reporter Ciro Pellegrino.
  • The attack used a zero-click iMessage exploit targeting CVE-2025-43200 in iOS 18.2.1, which Apple addressed with fixes in iOS 18.3.1 released in February.
  • Italy's COPASIR committee verified contracts between Paragon and national intelligence agencies in 2023–2024 and acknowledged authorization of spyware use against activists.
  • Paragon and Italian authorities present conflicting explanations for the termination of their surveillance agreement following the emergence of forensic evidence.
  • Despite the controversy, Paragon retains government clients in the United States, including a $2 million Department of Homeland Security contract awarded last September.