Meta’s WhatsApp has identified a cyberattack targeting approximately 90 users across more than two dozen countries. The attack, linked to Israeli spyware firm Paragon Solutions, deployed a zero-click exploit—requiring no user interaction to compromise devices.
Following the breach, WhatsApp issued a cease-and-desist letter to Paragon and took steps to disrupt the attack. The company is also working with Citizen Lab, a Canadian internet watchdog group, to support affected users. While details on the specific individuals targeted remain undisclosed, the attack reportedly affected journalists, civil society members, and individuals in Europe.
Spyware companies like Paragon market their tools as essential for law enforcement and national security. However, such technologies have repeatedly been found on the devices of journalists, activists, and government officials, raising concerns over their misuse.
Paragon, recently acquired by Florida-based AE Industrial Partners, has positioned itself as a responsible player in the industry, claiming to sell only to democratic governments. However, privacy advocates argue that abuses of commercial spyware are widespread and systemic.
Best Practices for Secure Communication
To protect against spyware threats, individuals and businesses should follow these best practices:
- Use End-to-End Encryption: Ensure all communications are encrypted to prevent unauthorized access.
- Avoid Sending Sensitive Data via Text: Companies should never transmit confidential or sensitive information over text messaging services.
- Stay Updated: Keep messaging apps and devices updated to patch security vulnerabilities.
- Be Cautious of Unknown Messages: Avoid opening unsolicited documents or links, especially from unknown sources.
- Enable Security Features: Activate two-factor authentication and other security settings for additional protection.
As spyware threats continue to evolve, organizations must prioritize cybersecurity to safeguard their data and communications.