Researchers name several countries as potential Paragon spyware customers

The new technical report of a renowned Digital Protection Lab states that the governments of Australia, Canada, Cyprus, Denmark, Israel and Singapore are probably the Israeli Spyware Manufacturer Paragon Solutions.

Wednesday, a group of educators and protection researchers set up at the University of Toronto, which investigated the spyware industry for more than a decade, Reveal a report The Israeli-established surveillance marks the six governments as “suspected paragon deployed”.

At the end of January, WhatsApp has notified about 90 users The company that believed that Paragon was targeted with spyware, A scandal request Italy, where Something Of Goal LiveThe

Paragon has long tried to distinguish himself from competitors, as NSO group – whose spyware There is Have been Abuse In Several Country – claims to be a more responsible spyware dealer. In 2021, anonymous senior paragon executive Told Forbes That authoritarian or non-democratic governance system can never be its customer.

John Fleming, Executive Chairman of Paragon was attempted to further strengthen his claims on being a responsible spyware dealer in January and probably being a responsible spyware dealer. Tell TechCrunch The company that “gives its technology licenses in an elected group of global democracy – originally, the United States and its associates.”

Israeli News Outlets reported in late 2024 The capital of the US initiatives this industrial partners achieved Paragon In front of at least 500 million dollars.

In a report published on Wednesday, the Citizens Lab said it was able to map the server infrastructure used for its spyware equipment, which was codenmeated on the seller’s codonam graphite on the basis of “a tip from a co -associate.” ”

Starting from this tip and after the development of a number of fingerprints capable of detecting related paragon server and digital certificates, researchers at the Citizen Lab found several IP addresses hosted by local telecom companies. Citizen Lab says that it believes that they are based on the servers, credentials of credentials, which seem to match the names of the countries located on the servers.

According to the Citizens Lab, a fingerprint developed by its researchers led to a digital certificate registered in the graphite, which seems to be an important operational mistake by the spyware manufacturer.

Citizen Lab wrote in the report, “Powerful situation evidence supports a connection between the Paragon and the infrastructure we have mapped.”

The report said, “The infrastructure we have received is associated with the webpage titled ‘Paragon’ returning by Israel’s IP address (where Paragon is based), as well as a TLS certificate containing the company’s name ‘Graphite’, the report.

Citizen Lab mentions that its researchers have identified several other codonams, indicating other potential government customers in Paragon. Among the suspected customer countries, the Citizens Lab has been single in Canada’s Ontario Provincial Police (OP), which seems to be a Paragon Customer who is connected to the OPP one of the IP addresses for suspicious Canadian customers.

TechCrunch has reached spokesperson for the following governments: Australia, Canada, Cyprus, Denmark, Israel and Singapore. TechCrunch Ontario also contacted the Provincial Police. None of the representatives responded to our requests to comment.

Arriving at TechCrunch, Paragon Fleming said Citizen reached the company and “provided very limited amounts of information, some of which seemed wrong.”

Fleming added: “In terms of the limited nature of the information provided, we cannot give a comment at the moment.” Fleming did not respond when asked when TechCrunch was wrong about the Citizen Lab report, or the countries characterized by the Citizen Lab did not answer the question of whether Paragon customers, or its its relationship status with Italian customers.

Citizens Lab noted that all the people notified by WhatsApp, who reached the organization to analyze their phones, used an Android phone. It allows the researchers to detect a “forensic artwork” leaving the spyware of the researchers, which researchers called “BigPretzel”.

Meta spokesperson Zadh Alswah told TechCrunch in a statement that the company “can confirm that we can believe that the index is associated with Lab BigPretzel Paragon.”

Read the Mater’s statement, “We first saw how to make weapons to the commercial spyware journalist and civil society, and these companies must be held accountable,” Read the Mater statement. “Our security team is constantly working to be ahead of the threat and we will continue to work personally to protect the power of the people in communication.”

Android phones do not always save specific device logs, the Citizen Lab noted that it was probably more people targeted by graphite spyware, even if there was no evidence of paragon spyware on their phone. And for those who were identified as damaged, it is not clear whether they were targeted in the past.

Citizen Lab also mentions that Paragon’s graphite spyware targets specific applications on the phone and compromises – without any interaction from the target – instead of compromising the larger operating system and device data. In the case of Bepple Cacia, ItalyWho works for an NGO that helps migrants, Citizen lab found evidence that spyware has infected two more applications on its Android device, not naming applications.

Citizen Lab noticed specific applications against the operating system of the device, saying that forensic investigators could make the hack evidence more difficult, but the app makers could give more visibility to spyware operations.

“Paragon’s spyware is more complicated than competitors. [NSO Group’s] Pegasus, however, at the end of the day, there is no ‘perfect’ spyware attack, “Senior researcher at Citizen Lab Bill Marcakak.

The clues are in different places than us before, but with sharing of cooperation and information, even the most difficult cases have been unveiled. ”

Citizens Lab also said that it was analyzed by David Yamabio’s iPhone, who works closely in his NGO with Caccia and others. Yambi also received a notice from Apple about targeting his phone tenant spyware, but researchers could not find evidence that he was targeted with Paragon’s spyware.

Apple did not respond to any request for comment.