WhatsApp, the widely used messaging platform owned by Meta, has revealed that nearly 100 journalists and civil society members were targeted by Paragon Solutions’ spyware, Graphite—an Israeli-made surveillance tool with capabilities comparable to NSO Group’s Pegasus spyware.
According to THEGUARDIAN, the spyware campaign reportedly deployed zero-click attacks, allowing hackers to compromise devices without users clicking malicious links. While WhatsApp successfully disrupted the campaign in December 2024, the identity of the clients behind the attack remains unknown.
This revelation raises serious concerns about the abuse of commercial spyware, echoing past scandals involving NSO Group’s Pegasus spyware, which has been linked to state-sponsored surveillance and human rights violations worldwide.
Spyware Targeting and WhatsApp’s Discovery
According to WhatsApp, the attack was carried out through malicious PDF files sent via group chats, exploiting a vulnerability that allowed spyware to infiltrate targeted devices.
🔹 Zero-Click Attack: Victims did not need to interact with the malware, making detection extremely difficult.
🔹 Total Device Compromise: The Graphite spyware enabled complete access to victims’ devices, including their messages—even those sent via encrypted apps like WhatsApp and Signal.
🔹 High-Risk Targets: Those affected include journalists, human rights activists, and members of civil society—groups frequently targeted by government surveillance programs.
WhatsApp has sent direct notifications to impacted users, warning them about the potential breach of their communications and data.
Who Is Behind the Attack?
The spyware Graphite was developed by Paragon Solutions, a cyber-intelligence company founded by former Israeli Prime Minister Ehud Barak. The company is currently under scrutiny following reports that it was sold to the U.S. private equity firm AE Industrial Partners for $900 million—a deal that has yet to receive full regulatory approval from Israel’s Ministry of Defense.
📌 Paragon Solutions claims to only work with “democratic governments.” However, reports indicate that some of these so-called democracies, including India, Greece, and Poland, have previously been accused of abusing spyware to surveil journalists and opposition figures.
📌 Paragon has a U.S. office in Virginia and has allegedly worked with U.S. law enforcement agencies, including a $2 million contract with the Department of Homeland Security (DHS). However, following a Wired report, the U.S. paused the contract to evaluate compliance with President Biden’s executive order restricting spyware use by federal agencies.
📌 WhatsApp has taken legal action, sending a cease-and-desist letter to Paragon Solutions while also exploring further legal options.
Spyware and the Global Cyberwarfare Landscape
The use of commercial spyware has been a growing concern among cybersecurity experts, journalists, and human rights organizations. The industry has faced increased scrutiny following multiple reports of government-backed surveillance operations using tools like NSO Group’s Pegasus, Candiru, and now Paragon’s Graphite.
🔹 Citizen Lab, a cybersecurity research group at the University of Toronto, has been tracking spyware attacks against journalists, activists, and opposition figures worldwide. Their findings have played a crucial role in exposing digital threats to civil society.
🔹 The WhatsApp lawsuit against NSO Group, filed in 2019, resulted in a major legal victory in December 2024, when a U.S. judge ruled that NSO had violated U.S. federal hacking laws and WhatsApp’s terms of service.
🔹 Governments are taking action: In 2021, the Biden administration blacklisted NSO Group due to its spyware being used against U.S. government officials, activists, and journalists.
10 Ways to Protect Against Spyware Attacks
With spyware threats increasing globally, it is crucial to implement strong cybersecurity measures to protect individuals and organizations from unauthorized surveillance.
1. Keep Software and Devices Updated
Ensure that operating systems, apps, and security patches are regularly updated to mitigate vulnerabilities that spyware exploits.
2. Enable End-to-End Encryption
Use messaging apps like WhatsApp and Signal, which offer end-to-end encryption to protect communications from interception.
3. Be Cautious with Unknown Files and Links
Avoid opening suspicious PDFs, links, or attachments, especially from unknown contacts or group chats.
4. Use Multi-Factor Authentication (MFA)
Enable MFA on all critical accounts, including email, messaging apps, and cloud storage to prevent unauthorized access.
5. Monitor for Unusual Device Behavior
Watch out for unexpected battery drainage, overheating, or high data usage—common signs of spyware activity.
6. Regularly Check Device Permissions
Review which apps have access to sensitive features like the camera, microphone, and GPS, and revoke permissions when necessary.
7. Use Anti-Spyware and Threat Detection Tools
Install security apps that scan for spyware, such as Lookout, Kaspersky, or Malwarebytes.
8. Disable Automatic Link Previews
Some spyware exploits link preview features in messaging apps—disabling them can reduce the risk of infection.
9. Conduct Cybersecurity Training for At-Risk Individuals
Journalists, activists, and government officials should undergo security training to recognize targeted phishing and spyware threats.
10. Engage with Digital Rights Organizations
Organizations like Citizen Lab, Amnesty International, and Access Now offer resources and support for victims of spyware attacks.
The Future of Digital Privacy and Surveillance
The WhatsApp-Graphite spyware case underscores the escalating battle between cybersecurity defenders and surveillance firms. While spyware developers claim their tools are for national security, repeated abuses highlight the lack of accountability and regulation in the spyware industry.
📌 Governments and private companies must enforce stricter policies on spyware sales and usage.
📌 Tech companies must continue developing security patches to prevent exploitation by spyware vendors.
📌 Journalists and civil society members must remain vigilant and implement stronger digital security practices.
As spyware technology becomes more sophisticated, the need for robust cybersecurity defenses, legal action, and international cooperation is more crucial than ever.
Conclusion
WhatsApp’s latest revelations shed light on the growing spyware crisis and the need for greater transparency in cybersecurity affairs. With journalists and civil society members being prime targets, governments, tech companies, and digital rights organizations must work together to safeguard privacy and free expression.
As the battle between spyware firms and privacy advocates intensifies, the outcome will shape the future of cybersecurity, human rights, and digital freedom.
Want to stay on top of cybersecurity news? Follow us on Facebook, X (Twitter), Instagram, LinkedIn and YouTube for the latest threats, insights, and updates!
