Meta confirms zero-click WhatsApp spyware attack targeting journalists and activists
Meta-owned WhatsApp said on Friday that it disrupted a campaign involving spyware to target journalists and civil society members. The campaign, which targeted around 90 members used spyware from an Israeli company known as Paragon Solutions. The attackers were neutralized in December 2024.

In a statement to The Guardian, the encrypted messaging app said it has reached out to affected users, stating it had "high confidence" that the users were targeted and "possibly compromised." It's currently not known who is behind the campaign or how long itlasted.
The attack chain is said to be zero-click, meaning the software deployment occurs without requiring any user interaction. It's suspected to involve the distribution of a specially crafted PDF file sent to individuals who were added to group chats on WhatsApp.
The company also revealed that it had sent Paragon a "cease and desist" letter and was considering other options. The development marks the first time the company has been linked to cases where its technology has been misused.
Like NSO Group, Paragon is the maker of surveillance software called Graphite which is offered to government clients to combat digital threats. It was acquired by a U.S.-based investment group AE Industrial Partners in December in a deal worth $500 million.
On its barebones website, the company claims it provides customers with "ethically based tools" to "disrupt intractable threats," as well as offer "cyber and forensic capabilities to locate and analyze digital data."
In late 2022, it came to light that Graphite was used by the U.S. Drug Enforcement Administration (DEA) for counternarcotics operations. Last year, the Center for Democracy and Technology (CDT) called on the Department of Homeland Security to release details about its $2 million contract with Paragon.
News of the campaign comes weeks after a judge in California ruled in WhatsApp's favor in a landmark case against NSO Group for using its infrastructure to deliver the Pegasus spyware to 1,400 devices in May 2019.
Meta's disclosure also coincided with the arrest of former Polish Justice Minister Zbigniew Ziobroover over allegations that he sanctioned the use of Pegasus spyware to surveil opposition leaders and oversaw cases where the technology was used.