Graphite Caught: First Forensic Confirmation of Paragon's iOS Mercenary Spyware Finds Journalists Targeted

SUMMARY :

An investigation reveals that two journalists were targeted with Paragon's Graphite mercenary spyware on iOS devices. Forensic analysis confirmed the use of a zero-click attack exploiting a vulnerability (CVE-2025-43200) in iOS 18.2.1. The same attacker targeted both victims, suggesting a coordinated effort against media professionals. The spyware was linked to a specific server and iMessage account. This discovery is part of a broader pattern of spyware use against European journalists, raising concerns about press freedom and digital security. The Italian government acknowledged using Graphite in some cases but denied involvement in targeting certain journalists. The incident highlights the ongoing threat of mercenary spyware to civil society and the need for greater accountability.

OPENCTI LABELS :

graphite,ios,imessage,mercenary spyware,journalists,bigpretzel,zero-click attack,paragon,cve-2025-43200


Open in NetmanageIT OpenCTI Public Instance with below link!


Use public read only username and password on login page.

NOTE : Use Public READ only user credentials on login page banner.


Graphite Caught: First Forensic Confirmation of Paragon's iOS Mercenary Spyware Finds Journalists Targeted