A parliamentary committee in Italy confirmed that the Italian government had used spyware manufactured by the Israeli company Paragon to hack a number of activists who were trying to help immigrants at sea. Key questions regarding the spyware attacks remain unanswered, the committee stated, as its inquiry found that a well-known Italian journalist was not one of the victims.
After a monthslong investigation into the usage of Paragon’s spyware, Graphite, throughout Italy, the Parliamentary Committee for the Security of the Republic, or COPASIR, released a report on Thursday. The report was initially covered by the Israeli publication Haaretz.
About 90 WhatsApp users received notifications in January warning them that they might have been the target of Paragon’s spyware. After getting the notices, a number of Italians stepped forward, sparking a scandal in a country that has a lengthy history of harboring spyware businesses and of misuse and exploitation of spyware by its own government.
Since then, COPASIR has investigated the allegations with the goal of clarifying exactly what happened.
COPASIR specifically looked into the targeting of Luca Casarini and Giuseppe Caccia, who are both employed by Mediterranea Saving Humans, an Italian charity organization dedicated to saving refugees attempting to cross the Mediterranean Sea. The committee determined that in both cases, Italian intelligence agencies had legitimately targeted them as part of their investigations into the alleged facilitation of illegal immigration into Italy.
However, the COPASIR committee came to the conclusion that there was no proof that Italy’s intelligence services had targeted Francesco Cancellato, a journalist who also got a WhatsApp notice alerting him that he had been the subject of Paragon’s spyware.
According to the committee, its representatives searched the audit logs and spyware database of the intelligence services for Cancellato’s phone number but were unable to locate any pertinent information. The committee also claimed to have found no proof of any official requests to spy on Cancellato from either the Department of Information for Security (DIS), a high-ranking Italian government agency that regulates the operations of the nation’s two intelligence services, the AISI and the AISE, or the office of the country’s top prosecutor.
The report mentioned that Paragon has foreign government clients who might target Italians, raising the possibility that this could be the reason why Cancellato’s phone was targeted. There was no proof offered by COPASIR to back up this theory.
Cancellato is the director of the Italian news website Fanpage.it, which has conducted a number of investigations, including one on the youth wing of Prime Minister Giorgia Meloni’s far-right ruling party in Italy. According to the probe, the members yelled fascist songs and slogans and made racial remarks in private.
Cancellato’s coworker Ciro Pellegrino, who was notified by Apple at the end of April that he had been the subject of government spyware, was not included in the article. It is unclear if Paragon’s spyware was directed at Pellegrino, and the Apple notification made no mention of it.
Neither the Italian government nor COPASIR responded to a request for comment that specifically asked about Cancellato and Pellegrino.
In a Friday article, Cancellato reacted to the report by challenging COPASIR’s findings regarding his case and requesting more thorough justifications.
“Case closed? Not at all,” Cancellato wrote.
According to John Scott-Railton, a senior researcher at The Citizen Lab, a human rights organization that looks into spyware abuses, including the recent misuse instances in Italy, the report’s biggest unanswered question is who was targeting Cancellato.
“This report poses a challenge for Paragon Solutions since it fails to address the most delicate political issue: Who was the target of this journalist? Paragon cannot be satisfied with this result,” Scott-Railton told TechCrunch. “Everyone is waiting for Paragon to provide an explanation because Francesco Cancellato’s case is still entirely unexplained.”
Additionally, Scott-Railton stated that Citizen Lab is still looking into Cancellato’s case and examining his data and phone. Cancellato also confirmed this to TechCrunch.
Paragon did not respond to a request for comment.
Additionally, COPASIR looked into the cases of David Yambio, the president and co-founder of the non-governmental organization Refugees in Libya, which operates in Italy, and Mattia Ferrari, the priest aboard the Mediterranea Saving Humans rescue ship. COPASIR could not discover any proof that Ferrari was a target, but it acknowledged that Yambio had been a legitimate target of surveillance, albeit not using Paragon’s spyware.
New details uncovered by the investigation
In order to learn more about the usage of Paragon in Italy, COPASIR contacted Citizen Lab, WhatsApp’s owner Meta, and other government agencies as part of its inquiry into the suspected use of spyware by the Italian government.
The report claims that the national anti-mafia prosecutor informed COPASIR that no Italian prosecutor’s office had purchased or utilized Paragon’s spyware. (Every municipal prosecutor’s office in Italy has certain latitude in obtaining spyware.) The committee received the same response from the Guardia di Finanza, the national Polizia di Stato, and the Carabinieri military police.
Paragon informed COPASIR that it has agreements with AISE and AISI, the two Italian intelligence services. According to the report, COPASIR personnel visited the DIS and the offices of the two agencies. They examined the spyware’s database and audit logs to determine how the agencies utilized Paragon’s spyware and who they targeted. The representatives concluded that there had been no misuse in the surveillance of those who had come forward as targets of spyware in the previous few months.
New information on the inner workings of Paragon’s spyware system was also disclosed in the COPASIR report. COPASIR said it confirmed that, in order to utilize Paragon’s spyware, an operator must sign in with their account and password. Additionally, each spyware deployment leaves behind comprehensive logs that are stored on a customer-controlled server that Paragon cannot access. However, COPASIR states that the customer is unable to delete anything from the audit logs on its servers.
The committee also discovered information regarding Paragon’s relationship with AISE and AISI, two Italian intelligence clients, who claimed to have subsequently terminated their agreements with Paragon.
Italy’s foreign intelligence agency AISE, which began using Graphite on January 23, 2024, after signing a contract a month earlier, has used Paragon’s spyware to investigate “illegal immigration, searching for fugitives, smuggling of fuels, counterintelligence, countering terrorism and organized crime, as well as for the internal security activities of the agency itself.”
According to the report, AISE accessed both stored and real-time conversations sent across end-to-end encrypted apps, targeting a “very limited” but undisclosed number of phone users.
According to COPASIR, AISI, Italy’s domestic intelligence agency, began utilizing Graphite earlier in 2023, and its now-canceled contract would have ended on November 7, 2025. Like AISE, AISI used Graphite in a modest but unspecified number of cases pertaining to obtaining real-time conversations, while cases are “a touch more common” when it comes to exfiltrating chat messages saved on a target’s devices.
According to the report, the authorities claimed that each spyware deployment had the necessary legal authority.
According to COPASIR, it had the opportunity to examine Paragon’s agreements with its Italian clients and confirm that the spyware’s use against journalists and human rights advocates is prohibited.
The governments of Australia, Canada, Cyprus, Denmark, Israel, and Singapore were identified as probable clients of the spyware manufacturer in a report on Paragon released by Citizen Lab in March after an investigation.