In the wake of the Italian government’s contentious decision to sever ties with the Israeli firm Paragon Solutions, following its involvement in a cyber-espionage scandal earlier this year, Italy’s Negg has emerged as a potential successor, seeking to provide cyber-intelligence services to Rome. This development follows revelations by WhatsApp regarding a sophisticated hacking operation utilizing Paragon Solutions’ malware, which executed “zero-click” attacks by infiltrating users’ devices through malicious PDF files disseminated via the messaging service.
WhatsApp, in collaboration with the legal firm Advant, notified Italy’s National Cybersecurity Agency that seven Italian users of the WhatsApp platform had been targeted by Paragon, with their identities withheld for privacy reasons. Nonetheless, it has come to light that the victims included an investigative journalist and two activists, both of whom have been vocal critics of the right-wing administration under Prime Minister Giorgia Meloni.
Among the identified victims is Francesco Cancellato, the editor-in-chief of Fanpage, a prominent news outlet specializing in investigative journalism. Cancellato’s reporting had previously uncovered connections between young fascist groups and Meloni’s political party, which may have led to his targeting. Similarly, Luca Casarini, the founder of the NGO Mediterranea Saving Humans, was notified by WhatsApp of being a target. Casarini, recognized for his humanitarian initiatives aimed at rescuing migrants in the Mediterranean, has frequently found himself at odds with Italian authorities due to their restrictive immigration policies.
In an official statement, the Italian government acknowledged that seven Italian citizens, alongside a significant number of other Europeans, had been compromised by the Israeli spyware firm Paragon Solutions, while simultaneously disavowing any complicity in the incident.
Furthermore, individuals from Austria, Belgium, Cyprus, the Czech Republic, Denmark, Germany, Greece, Latvia, Lithuania, the Netherlands, Portugal, Spain, and Sweden were also subjected to these cyber intrusions. The primary targets were predominantly journalists and representatives of civil society organizations.