Spyware from Paragon hits Italian journalist’s iPhone

Spyware from Paragon hits Italian journalist’s iPhone is profiled by BTW Media because published evidence links it to internet infrastructure, governance, operational dependencies, or market visibility.

• Watchdog group records first known targeting of journalist using Paragon spyware on iPhone.
• Spyware linked to Israeli firm found exploiting mobile device of Italian reporter working on migration.

What happened: Paragon spyware targets journalist’s iPhone

Cyber watchdogs Access Now and the Citizen Lab at the University of Toronto have confirmed that an Italian journalist’s iPhone was infected with Paragon spyware. The surveillance was discovered in early 2024 after the journalist voluntarily submitted the device for forensic checks. This journalist covers topics related to migration and EU border control. For safety, their identity remains undisclosed.

The attack used a zero-click exploit through Apple’s iMessage. The spyware activated without the journalist taking any action. This case is the first public example of Paragon spyware being used to monitor a journalist. Previously, no reports had linked Paragon to such attacks. Apple later confirmed that the device was compromised using known system vulnerabilities.

Paragon is an Israeli surveillance tech company founded in 2021. It builds spyware tools that can extract data from encrypted apps and phones. Although the company says it sells only to democratic governments for law enforcement use, this case raises new concerns.

Also read: iPhone users in 92 countries receive spyware attack alert
Also read: Watering hole cyberattacks increase, warns APNIC

Why it’s important

This case raises significant concerns about the expansion of spyware tools previously limited to state-level threats. Paragon joins other Israeli spyware firms like NSO Group, already known for producing Pegasus, which has been used to target journalists, activists, and political opponents worldwide.

Paragon’s involvement is notable because until now, there was little public evidence of its spyware being deployed. According to Citizen Lab, the method of attack via zero-click iMessage exploits is similar to techniques previously attributed to Pegasus, showing a trend where advanced surveillance technologies are becoming more widely accessible to actors beyond national intelligence services.

Spyware targeting journalists has a chilling effect on press freedom. Lorenzo Bagnoli, editor of Italian investigative outlet IrpiMedia, said this case “confirms what many suspected” that spyware is being used against those reporting on sensitive topics like migration. The broader implication is that even reporters in democratic nations are not immune from digital surveillance, with tools developed under the guise of national security now aimed at civil society.