TZUTC: -0500   
   MSGID: 46.consprcy@1:2320/105 2c0611e1   
   PID: Synchronet 3.20a-Linux master/acc19483f Apr 26 202 GCC 12.2.0   
   TID: SBBSecho 3.20-Linux master/acc19483f Apr 26 2024 23:04 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   Paragon spyware campaign targeting journalists disrupted by WhatsApp   
      
   Date:   
   Mon, 03 Feb 2025 12:31:00 +0000   
      
   Description:   
   Paragon spyware uncovered in PDF files sent to journalists and members of   
   civil society, with WhatsApp issuing a cease-and-desist against the company.   
      
   FULL STORY   
   ======================================================================   
    - WhatsApp has accused spyware company Paragon of targeting journalists   
    - The encrypted messaging app disrupted the campaign in December 2024   
    - A cease-and-desist letter has been issued to Paragon by WhatsApp   
      
   WhatsApp has revealed it has disrupted a spyware hacking campaign targeting   
   journalists and prominent members of civil society.    
      
   The spyware in question belongs to Paragon, a commercial spyware company   
   founded by former Israeli intelligence officers, which Meta-owned WhatsApp    
   has directly implicated in the campaign.    
      
   WhatsApp says about 90 of its users were targeted with malicious PDF files,   
   with the victims being notified of the attempt, and a cease-and-desist letter   
   being issued to Paragon. Paragon caught targeting journalists    
      
   According to WhatsApp, the campaign was discovered in December 2024, and did   
   not require the users to open the PDF attachment, acting as a zero-click   
   deployment method.    
      
   This is the latest example of why spyware companies must be held accountable   
   for their unlawful actions. WhatsApp will continue to protect peoples ability   
   to communicate privately, WhatsApp spokesperson Zade Alsawah said (via   
   TechCrunch ).    
      
   WhatsApp has not said where the victims of the campaign were based, and was   
   unable to determine when the campaign started.    
      
   In 2024, the US Immigration and Customs Enforcement (ICE) signed a $2 million   
   one year contract with Paragon that included a fully configured proprietary   
   solution including license, hardware, warranty, maintenance and training,   
   federal documents say.    
      
   While this is the first time Paragon has been implicated in a spyware   
   campaign, numerous other commercial spyware software developers have been   
   involved in illegal operations.    
      
   Israeli spyware company NSO Group is currently in the crosshairs of a Polish   
   government investigation into the deployment of the Pegasus spyware on   
   thousands of opposition government devices .    
      
   In early 2024, WhatsApp won a federal court battle to be able to view the   
   source code of NSO Groups Pegasus spyware after the company was accused of   
   deploying the spyware on 1,400 mobile devices over a two-week period in 2019.    
      
   Based on Metas notification, this spyware campaign was another precise attack   
   targeting individuals with highly valued access or contacts," noted Adam   
   Boynton, Senior Security Strategy Manager EMEIA at Jamf. "When spyware does   
   hit, it is often a sophisticated threat that uses advanced techniques to   
   maintain persistence.    
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/security/paragon-spyware-campaign-targeting-jour   
   nalists-disrupted-by-whatsapp   
      
   $$   
   --- SBBSecho 3.20-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/305 153/7715 154/110 218/700 226/30   
   SEEN-BY: 227/114 229/110 111 114 206 300 307 317 400 426 428 470 664   
   SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45   
   SEEN-BY: 460/58 712/848 902/26 2320/0 105 3634/12 5075/35   
   PATH: 2320/105 229/426