Paragon

Paragon, also referred to as Paragon Solutions or Paragon Solutions Ltd., is an Israeli private sector offensive actor / spyware vendor founded in Israel in 2019. Its spyware platform, Graphite, is described as mercenary spyware capable of accessing messages, emails, cameras, microphones, and location data, including via zero-click exploitation and without user interaction. The content identifies Paragon as an Israeli company and states Graphite is typically deployed by government clients for national security investigations. The reporting links Paragon to multiple exploit chains and spyware operations. WhatsApp identified, mitigated, and attributed an active Paragon zero-click exploit, and on January 31, 2025 notified about 90 accounts it believed were targeted with Paragon spyware, including journalists and civil society members. Citizen Lab reported forensic evidence with high confidence that Italian journalist Ciro Pellegrino and another prominent European journalist were targeted with Paragon’s Graphite spyware via a zero-click iMessage exploit tracked as CVE-2025-43200. Additional reporting states Meta linked Paragon exploitation to CVE-2025-27363 in FreeType and to WhatsApp attack activity involving PDF files in group chats. Citizen Lab also identified the Android forensic artifact BIGPRETZEL as associated with Paragon Graphite infections, and found it on devices belonging to Giuseppe Caccia and Luca Casarini. The content states that Paragon infrastructure and/or deployments were identified in Australia, Canada, Cyprus, Denmark, Israel, Italy, and Singapore. Citizen Lab mapped suspected Paragon infrastructure using TLS certificate fingerprints and assessed associated systems as likely victim-facing command-and-control servers. The content also references suspected customer deployments and notes that Italy publicly confirmed being a Paragon customer; Italy’s external intelligence service AISE confirmed that Graphite had been deployed by the agency on multiple occasions. Victimology in the provided content includes journalists, civil society members, migrant rescue and advocacy figures, and other high-profile individuals. Named targets or victims mentioned include Ciro Pellegrino, Francesco Cancellato, Luca Casarini, Giuseppe Caccia, David Yambio (targeted with mercenary spyware, though Citizen Lab did not conclusively attribute that iPhone case to Paragon), and UniCredit CEO Andrea Orcel. The content further states that Paragon’s claims of selling only to rights-respecting government customers are undermined by evidence of targeting against journalists, activists, and civil society members. Aliases directly supported by the content include Paragon, Paragon Solutions, and Paragon Solutions Ltd.