Italian authorities have confirmed that journalists who were alerted to a suspected spyware attack on their mobile phones by WhatsApp last year were indeed hacked.
Prosecutors in Rome and Naples, which is investigating the country’s spyware scandal, said in a press release sent to journalists on Thursday that a technical report concluded that the mobile phones of journalist Francesco Cancellato and immigration activists Giuseppe Caccia and Luca Cassarini all showed signs of being infected with spyware in the “early morning hours” of December 14, 2024.
“The three consecutive attacks carried out on the same night suggest they may have been part of the same infection campaign,” the technical report said in a press release.
The full text of the report has not yet been released.
This is the first independent confirmation that Cancellato, director of the news website Fanpage, was hacked with spyware. In January 2025, Cancerato and around 90 other people, including journalists and civil society members, were alerted by WhatsApp that they were being targeted by spyware manufactured by Paragon Solutions, an Israeli-based company now owned by American private equity firm AE Industrial.
According to a press release, Italian judicial authorities have inspected the Paragon spyware server used by the intelligence agency AISI to target target mobile phones. Judicial authorities found evidence of an operation against Caccia and Cassarini, but no evidence of an operation against Cancerato.
It remains unclear who hacked Cancellato’s phone.
inquiry
Do you have more information about Paragon or this or any other spyware campaign? You can contact Lorenzo Franceschi-Bicchierai securely from your non-work device on Signal (+1 917 257 1382) or on Telegram and Keybase @lorenzofb or by email.
By June 2025, an investigation by the Italian Parliamentary Committee for Security of the Republic, known as COPASIR, concluded that Italian intelligence services had legitimately targeted Caccia and Casalini, but the committee found no evidence of hacking against Cancerato.
Prosecutors said they would continue investigating to identify Mr. Cancerato’s hackers.
Italy’s government, led by far-right Prime Minister Giorgia Meloni, has denied any involvement in the Cancerato hack. In response to questions from journalists at a press conference in January, Meloni said only that the government was “providing all the support and all the answers it can to clarify this issue.”
The Italian government did not respond to TechCrunch’s request for comment.
“We want clarity,” Cancellato said in Thursday’s article. “And we haven’t received any information from the government. The government has been as silent as possible for a year. And when they couldn’t stay silent, they lied.”
John Scott Railton, one of the Citizen Lab researchers who investigated the Paragon scandal in Italy, said the new revelations about Cancellato’s hacking “raise serious questions about why no corroboration was uncovered in previous official investigations by Italian authorities.”
In the wake of the scandal, Paragon, the company behind the spyware called Graphite, terminated its contract with an Italian government customer.
Spyware scandal spreads across Europe
In addition to Caccia, Casarini, and Cancellato, there were several other individuals identified as targets of spyware in Italy. Among them is Ciro Pellegrino, who also works for the fan page and was reported by Apple last year for suspected iPhone attacks. Citizen Lab researchers later concluded that Pellegrino was hacked by Paragon spyware.
But a technical report cited by prosecutors said they found evidence of spyware only on the phones of Mr. Caccia, Mr. Cassarini and Mr. Cancellato, but not on Mr. Pellegrino and four other alleged victims.
“I’m pretty perplexed,” Pellegrino told TechCrunch, although he hasn’t yet seen the full technical report. “How is it possible that spyware authority Citizen Lab found evidence that my phone had Paragon Graphite in it, but Italian prosecutors’ experts didn’t? And why would Apple send me a warning? Just for fun?”
Prosecutors in Rome and Naples did not respond to requests for comment.
A spokesperson for Polizia Postale, which is investigating the incident, referred TechCrunch to prosecutors.
Paragon, which had active contracts with U.S. Immigration and Customs Enforcement (ICE) as of last year, and REDLattice, which merged with the spyware maker after being acquired by AE Industrial, did not respond to requests for comment.
Italy has become the latest European country to be embroiled in a spyware scandal in recent years, following similar incidents in Greece, Hungary, Poland and Spain.
Late last month, a Greek court sentenced Tal Dirian and three other executives of spyware maker Intellexa to eight years in prison for illegal wiretapping and invasion of privacy.
The ruling was part of the Greek Watergate scandal, in which the Greek government was accused of using Intellexa’s Predator spyware to hack into the mobile phones of politicians, journalists, businessmen and military personnel in 2022.
Source link
