WhatsApp has successfully blocked a hacking attempt that targeted about 90 users, including journalists and civil society members. The attack, traced to Israeli spyware firm Paragon, was carried out through malicious PDF files sent via WhatsApp groups.
A WhatsApp spokesperson confirmed that affected users had been notified and that security measures were reinforced to prevent similar breaches. “Spyware companies must be held accountable for their unlawful actions. WhatsApp will continue to protect people’s ability to communicate privately,” said Zade Alsawah, a company representative.
Paragon, which was acquired by U.S. private equity firm AE Industrial in December, has not commented on the allegations. WhatsApp stated that the attack took place in December and that a cease-and-desist letter had been sent to Paragon in response.
Cybersecurity experts, including Citizen Lab researcher John Scott-Railton, have been investigating the incident. He confirmed that Paragon’s spyware used the specific attack method identified by WhatsApp. This marks the first time Paragon has been publicly linked to a cyberattack.
Unlike sanctioned spyware firms such as Intellexa and NSO Group, Paragon has maintained a relatively low profile. However, experts argue that this incident challenges its reputation. “Paragon was seen as a ‘better’ spyware company, but these revelations suggest otherwise,” said Natalia Krapiva of Access Now.
The full extent of the attack remains unclear, and the identities of those targeted have not been disclosed. WhatsApp has reported the incident to law enforcement and industry partners while continuing to monitor spyware threats on its platform.
