{"id":657842,"date":"2025-03-19T15:40:14","date_gmt":"2025-03-19T12:40:14","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/researchers-name-several-countries-as-potential-paragon-spyware-customers\/"},"modified":"2025-03-19T15:40:14","modified_gmt":"2025-03-19T12:40:14","slug":"researchers-name-several-countries-as-potential-paragon-spyware-customers","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/researchers-name-several-countries-as-potential-paragon-spyware-customers\/","title":{"rendered":"Researchers name several countries as potential Paragon spyware customers"},"content":{"rendered":"<div>\n<p id=\"speakable-summary\" class=\"wp-block-paragraph\">The governments of Australia, Canada, Cyprus, Denmark, Israel, and Singapore are likely customers of Israeli spyware maker Paragon Solutions, according to a new technical report by a renowned digital security lab.<\/p>\n<p class=\"wp-block-paragraph\">On Wednesday, The Citizen Lab, a group of academics and security researchers housed at the University of Toronto that has investigated the spyware industry for more than a decade, <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/citizenlab.ca\/2025\/03\/a-first-look-at-paragons-proliferating-spyware-operations\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">published a report<\/a> about the Israeli-founded surveillance startup, identifying the six governments as \u201csuspected Paragon deployments.\u201d<\/p>\n<p class=\"wp-block-paragraph\">At the end of January, <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/social-mediaa\/\" data-internallinksmanager029f6b8e52c=\"1\" title=\"Social Media\" target=\"_blank\" rel=\"noopener\">WhatsApp<\/a> notified around 90 users that the company believed were targeted with Paragon spyware, prompting a scandal in Italy, where some of the targets live.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">Paragon has long tried to distinguish itself from competitors, such as NSO Group \u2014 whose spyware has been abused in several <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/forbiddenstories.org\/about-the-pegasus-project\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">countries<\/a> \u2014 by claiming to be a more responsible spyware vendor.
In 2021, an unnamed senior Paragon executive <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/www.forbes.com\/sites\/thomasbrewster\/2021\/07\/29\/paragon-is-an-nso-competitor-and-an-american-funded-israeli-surveillance-startup-that-hacks-encrypted-apps-like-whatsapp-and-signal\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">told Forbes<\/a> that authoritarian or non-democratic regimes would never be its customers.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">In response to the scandal prompted by the WhatsApp notifications in January, and in what was perhaps an attempt to bolster its claims about being a responsible spyware vendor, Paragon\u2019s executive chairman John Fleming told TechCrunch that the company \u201clicenses its <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/technology\/\" data-internallinksmanager029f6b8e52c=\"4\" title=\"Technology\" target=\"_blank\" rel=\"noopener\">technology<\/a> to a select group of global democracies \u2014 principally, the United States and its allies.\u201d<\/p>\n<p class=\"wp-block-paragraph\">Israeli <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/news\/\" data-internallinksmanager029f6b8e52c=\"2\" title=\"News\" target=\"_blank\" rel=\"noopener\">news<\/a> outlets reported in late 2024 that U.S. venture capital firm AE Industrial Partners had acquired Paragon for at least $500 million upfront.<\/p>\n<figure class=\"wp-block-image aligncenter size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"1985\" height=\"1153\" src=\"https:\/\/techcrunch.com\/wp-content\/uploads\/2025\/03\/paragon-spyware-exploit-flow.jpg\" alt=\"an image describing the attack flow of a Paragon-made spyware called Graphite.
The steps include an attacker adding a person to a WhatsApp group, then the victim's device automatically parses PDF, exploiting the vulnerability.\" class=\"wp-image-2983094\" style=\"width:800px\" srcset=\"https:\/\/techcrunch.com\/wp-content\/uploads\/2025\/03\/paragon-spyware-exploit-flow.jpg 1985w, https:\/\/techcrunch.com\/wp-content\/uploads\/2025\/03\/paragon-spyware-exploit-flow.jpg?resize=150,87 150w, https:\/\/techcrunch.com\/wp-content\/uploads\/2025\/03\/paragon-spyware-exploit-flow.jpg?resize=300,174 300w, https:\/\/techcrunch.com\/wp-content\/uploads\/2025\/03\/paragon-spyware-exploit-flow.jpg?resize=768,446 768w, https:\/\/techcrunch.com\/wp-content\/uploads\/2025\/03\/paragon-spyware-exploit-flow.jpg?resize=680,395 680w, https:\/\/techcrunch.com\/wp-content\/uploads\/2025\/03\/paragon-spyware-exploit-flow.jpg?resize=1200,697 1200w, https:\/\/techcrunch.com\/wp-content\/uploads\/2025\/03\/paragon-spyware-exploit-flow.jpg?resize=1280,743 1280w, https:\/\/techcrunch.com\/wp-content\/uploads\/2025\/03\/paragon-spyware-exploit-flow.jpg?resize=430,250 430w, https:\/\/techcrunch.com\/wp-content\/uploads\/2025\/03\/paragon-spyware-exploit-flow.jpg?resize=720,418 720w, https:\/\/techcrunch.com\/wp-content\/uploads\/2025\/03\/paragon-spyware-exploit-flow.jpg?resize=900,523 900w, https:\/\/techcrunch.com\/wp-content\/uploads\/2025\/03\/paragon-spyware-exploit-flow.jpg?resize=800,465 800w, https:\/\/techcrunch.com\/wp-content\/uploads\/2025\/03\/paragon-spyware-exploit-flow.jpg?resize=1536,892 1536w, https:\/\/techcrunch.com\/wp-content\/uploads\/2025\/03\/paragon-spyware-exploit-flow.jpg?resize=668,388 668w, https:\/\/techcrunch.com\/wp-content\/uploads\/2025\/03\/paragon-spyware-exploit-flow.jpg?resize=646,375 646w, https:\/\/techcrunch.com\/wp-content\/uploads\/2025\/03\/paragon-spyware-exploit-flow.jpg?resize=1062,617 1062w, https:\/\/techcrunch.com\/wp-content\/uploads\/2025\/03\/paragon-spyware-exploit-flow.jpg?resize=708,411 708w\" sizes=\"auto,
(max-width: 1985px) 100vw, 1985px\"\/><figcaption class=\"wp-element-caption\"><span class=\"wp-element-caption__text\">An example of the attack flow for the Graphite spyware.<\/span><span class=\"wp-block-image__credits\"><strong>Image Credits:<\/strong>Citizen Lab<\/span><\/figcaption><\/figure>\n<p class=\"wp-block-paragraph\">In the report out Wednesday, Citizen Lab said it was able to map the server infrastructure used by Paragon for its spyware tool, which the vendor codenamed Graphite, based on \u201ca tip from a collaborator.\u201d <\/p>\n<p class=\"wp-block-paragraph\">Starting from that tip, and after developing several fingerprints capable of identifying associated Paragon servers and digital certificates, Citizen Lab\u2019s researchers found several IP addresses hosted at local telecom companies. Citizen Lab said it believes these are servers belonging to Paragon customers, in part based on the initials of the certificates, which seem to match the names of the countries the servers are located in.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">According to Citizen Lab, one of the fingerprints developed by its researchers led to a digital certificate registered to Graphite, in what appears to be a significant operational mistake by the spyware maker.<\/p>\n<p class=\"wp-block-paragraph\">\u201cStrong circumstantial evidence supports a link between Paragon and the infrastructure we mapped out,\u201d Citizen Lab wrote in the report.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">\u201cThe infrastructure we found is linked to webpages entitled \u2018Paragon\u2019 returned by IP addresses in Israel (where Paragon is based), as well as a TLS certificate containing the organization name \u2018Graphite\u2019,\u201d the report said.<\/p>\n<p class=\"wp-block-paragraph\">Citizen Lab noted that its researchers identified several other codenames, indicating other potential governmental customers of Paragon. 
Among the suspected customer countries, Citizen Lab singled out Canada\u2019s Ontario Provincial Police (OPP), which specifically appears to be a Paragon customer given that one of the IP addresses for the suspected Canadian customer is linked directly to the OPP.<\/p>\n<div class=\"article-block block--callout block--right has-green-500-background-color\">\n<h4 class=\"block--callout__title\"><span class=\"ez-toc-section\" id=\"Contact_Us\"><\/span>Contact Us<span class=\"ez-toc-section-end\"><\/span><\/h4>\n<p>\t\t\tDo you have more information about Paragon, and this spyware campaign? From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email. You also can contact TechCrunch via SecureDrop.\t\t<\/p><\/div>\n<p class=\"wp-block-paragraph\">TechCrunch reached out to spokespeople for the following governments: Australia, Canada,\u00a0Cyprus, Denmark, Israel, and Singapore. TechCrunch also contacted the Ontario Provincial Police. 
None of the representatives responded to our requests for comment.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">When reached by TechCrunch, Paragon\u2019s Fleming said that Citizen Lab reached out to the company and provided \u201ca very limited amount of information, some of which appears to be inaccurate.\u201d\u00a0<\/p>\n<p class=\"wp-block-paragraph\">Fleming added: \u201cGiven the limited nature of the information provided, we are unable to offer a comment at this time.\u201d Fleming did not respond when TechCrunch asked what was inaccurate about Citizen Lab\u2019s report, nor responded to questions about whether the countries identified by Citizen Lab are Paragon customers, or the status of its relationship with its Italian customers.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">Citizen Lab noted that all the people that were notified by WhatsApp, who then reached out to the organization to have their phones analyzed, used an Android phone. This allowed the researchers to identify a \u201cforensic artifact\u201d left by Paragon\u2019s spyware, which the researchers called \u201cBIGPRETZEL.\u201d<\/p>\n<p class=\"wp-block-paragraph\">Meta spokesperson Zade Alsawah told TechCrunch in a statement that the company \u201ccan confirm that we believe that the indicator Citizen Lab refers to as BIGPRETZEL is associated with Paragon.\u201d\u00a0<\/p>\n<p class=\"wp-block-paragraph\">\u201cWe\u2019ve seen first-hand how commercial spyware can be weaponized to target journalists and civil society, and these companies must be held accountable,\u201d read Meta\u2019s statement. 
\u201cOur security team is constantly working to stay ahead of threats, and we will continue working to protect people\u2019s ability to communicate privately.\u201d<\/p>\n<p class=\"wp-block-paragraph\">Given that Android phones do not always preserve certain device logs, Citizen Lab noted that it\u2019s likely more people were targeted by the Graphite spyware, even if there was no evidence of Paragon\u2019s spyware on their phones. And for the people who were identified as victims, it\u2019s not clear if they were targeted on previous occasions.<\/p>\n<p class=\"wp-block-paragraph\">Citizen Lab also noted that Paragon\u2019s Graphite spyware targets and compromises specific apps on the phone \u2014 without needing any interaction from the target \u2014 rather than compromising the wider operating system and the device\u2019s data. In the case of Beppe Caccia, one of the victims in Italy, who works for an NGO that helps migrants, Citizen Lab found evidence that the spyware infected two other apps on his Android device, without naming the apps.<\/p>\n<p class=\"wp-block-paragraph\">Targeting specific apps as opposed to the device\u2019s operating system, Citizen Lab noted, may make it harder for forensic investigators to find evidence of a hack, but may give the app makers more visibility into spyware operations.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">\u201cParagon\u2019s spyware is trickier to spot than competitors like [NSO Group\u2019s] Pegasus, but, at the end of the day, there is no \u2018perfect\u2019 spyware attack,\u201d Bill Marczak, a senior researcher at Citizen Lab, told TechCrunch. \u201cMaybe the clues are in different places than we\u2019re used to, but with collaboration and information sharing, even the toughest cases unravel.\u201d\u00a0<\/p>\n<p class=\"wp-block-paragraph\">Citizen Lab also said it analyzed the iPhone of David Yambio, who works closely with Caccia and others at his NGO.
Yambio received a notification from Apple about his phone being targeted by mercenary spyware, but the researchers couldn\u2019t find evidence that he was targeted with Paragon\u2019s spyware.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">Apple did not respond to a request for comment.<\/p>\n<\/div>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/techcrunch.com\/2025\/03\/19\/researchers-name-several-countries-as-potential-paragon-spyware-customers\/\" target=\"_blank\" >Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The governments of Australia, Canada, Cyprus, Denmark, Israel, and Singapore are likely customers of Israeli spyware maker Paragon Solutions, according to a new technical report by a renowned digital security lab.
On Wednesday, The Citizen Lab, a group of academics and security researchers housed at the University of Toronto that has investigated the spyware industry&#8230;<\/p>\n","protected":false},"author":1,"featured_media":657843,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/techcrunch.com\/wp-content\/uploads\/2025\/03\/android-spyware-green.jpg?resize=1200,674","fifu_image_alt":"","footnotes":""},"categories":[18],"tags":[15047,39382,20358,22974,2184,71227,153858,154985,72287,151937,81180],"class_list":["post-657842","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology","tag-privacy","tag-android","tag-australia","tag-canada","tag-israel","tag-italy","tag-paragon","tag-paragon-solutions","tag-security","tag-spyware","tag-surveillance"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/657842","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=657842"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/657842\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/657843"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=657842"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=657842"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=657842"}],"curies":[{"name
":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}