Thursday, March 20, 2025

Six Governments Likely Use Israeli Paragon Spyware to Hack IM Apps and Harvest Data







Mar 20, 2025
Ravie Lakshmanan Spyware / Mobile Security

The governments of Australia, Canada, Cyprus, Denmark, Israel, and Singapore are likely customers of spyware developed by Israeli company Paragon Solutions, according to a new report from The Citizen Lab.

Paragon, founded in 2019 by Ehud Barak and Ehud Schneorson, is the maker of a surveillance tool called Graphite that's capable of harvesting sensitive data from instant messaging applications on a device.

The interdisciplinary lab said it identified the six governments as "suspected Paragon deployments" after mapping the server infrastructure suspected to be associated with the spyware.

The development comes nearly two months after Meta-owned WhatsApp said it notified around 90 journalists and civil society members that it said were targeted by Graphite. The attacks were disrupted in December 2024.



Targets of these attacks included individuals spread across over two dozen countries, including several in Europe such as Belgium, Greece, Latvia, Lithuania, Austria, Cyprus, Czech Republic, Denmark, Germany, the Netherlands, Portugal, Spain, and Sweden.

"This is the latest example of why spyware companies must be held accountable for their unlawful actions," a WhatsApp spokesperson told The Hacker News at that time. "WhatsApp will continue to protect people's ability to communicate privately."



In these attacks, targets were added to a WhatsApp group and then sent a PDF document, which was parsed automatically to trigger the now-patched zero-day vulnerability and load the Graphite spyware. The final stage entailed escaping the Android sandbox to compromise other apps on the targeted devices.

Further investigation of hacked Android devices has uncovered a forensic artifact dubbed BIGPRETZEL that is suspected to uniquely identify infections with Paragon's Graphite spyware.

Evidence has also been found of a likely Paragon infection targeting an iPhone belonging to an Italy-based founder of the organization Refugees in Libya in June 2024. Apple has since addressed the attack vector with the release of iOS 18.

"Mercenary spyware attacks like this one are extremely sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals because of who they are or what they do," Apple said in a statement.

"After detecting the attacks in question, our security teams rapidly developed and deployed a fix in the initial release of iOS 18 to protect iPhone users, and sent Apple threat notifications to inform and assist users who may have been individually targeted."

AMNESTY INTERNATIONAL REPORT







Europe: Paragon attacks highlight Europe’s growing spyware crisis

Responding to the publication of a Citizen Lab report identifying multiple cases involving the use of Paragon’s spyware against journalists and human rights defenders in Italy, the Head of Amnesty International’s Security Lab, Donncha Ó Cearbhaill, said:

“The alarming discovery that Paragon’s highly invasive Graphite spyware has been used against human rights defenders and journalists in Italy underscores the worsening digital surveillance crisis across Europe.

“Of particular concern is the targeting of sea rescue organizations engaged in life-saving activities in the Mediterranean. This adds a dangerous new digital threat to organizations already grappling with legal threats, obstruction and criminalization in Italy.

“This latest research adds to previous findings by Amnesty International and other civil society partners exposing the rampant misuse of spyware across Europe. Despite repeated and ongoing scandals in Serbia, Spain, Greece, Poland, Hungary, and now Italy, authorities at both the national and European levels have failed to take effective action. Europe’s shameful laissez-faire approach to regulation of the surveillance industry is fueling the global spyware crisis.”

“An independent investigation by Amnesty International’s Security Lab over the past 6 months has uncovered additional cases of apparent spyware use targeting other sea rescue activists in Italy. Ongoing civil society research is almost certain to unearth more victims. What we are seeing is the tip of the iceberg.”

Background

The spyware targets include journalist Francesco Cancellato, Mediterranea Saving Humans founder Luca Casarini and co-founder Dr Giuseppe “Beppe” Caccia. Citizen Lab also found that the phone of Refugees in Libya founder David Yambio showed spyware targeting, which Citizen Lab did not definitively attribute to Paragon at this stage.

Paragon’s Graphite spyware product is a form of highly invasive spyware capable of covertly accessing the most intimate and sensitive data on an individual’s phone, and cannot be independently audited. Such an intrusive tool can never be human rights compliant and should be banned.

Last month, WhatsApp notified 90 individuals that they had been targeted by spyware, with reports confirming that many of the victims were journalists and human rights activists.

For over a year, the European Commission has failed to implement the recommendations of the European Parliament Committee of Inquiry regarding Pegasus and similar surveillance spyware (PEGA), leaving activists, journalists, and other vulnerable individuals exposed to these dangerous surveillance tools.
