On Friday, at 2:48 p.m., Francesco Cancellato received an ominous notification on his cellphone while he was at home near Milan.
“This is a message from WhatsApp,” read the message in Italian, which was obtained by Read. “In December, WhatsApp interrupted the activities of a spyware company which we believe attacked your device. Our investigations indicate that you may have received a harmful file via WhatsApp and that the spyware may have resulted in accessing your data, including messages saved on the device.”
“We have made changes to prevent this specific attack from happening again. However, your device’s operating system may remain compromised due to the spyware,” continued the message.
Cancellato is the first target to come forward following the disclosure of a hacking campaign carried out using spyware allegedly made by Paragon Solutions, as WhatsApp claimed on Friday.
At the time, WhatsApp said that the spying campaign targeted around 90 people, including journalists like Cancellato and members of civil society all over the world, including in Europe.
“I feel violated,” Cancellato told Read, who said that at the beginning he thought the message was a scam or a joke. “You always think somehow that a journalist might be wiretapped or spied on, but you do it more out of your own paranoia and to exorcise the fact that you may be. When someone tells you it’s true, you tend not to believe it, you always tend to think it’s something else.”
Then, he said he realized it was real. “You ask yourself, why me? This is the thing, I mean, what did they want from me?”
“That’s the first question, the second question is what did they take from me? Where did they go? What did they do to me? Once they got into my phone, where there is basically my whole life, my vacations, my friendships, my family, my bank passwords, there is everything — my work stuff,” said Cancellato. “And then the third question is who did it?”
Cancellato is the director of Fanpage.itan Italian news website that is known for investigations into corruption, organized crime, the Catholic Church, and the youth-wing of the far-right ruling party in Italy, led by Prime Minister Giorgia Meloni.
For that multi-part investigation last year, Fanpage sent reporters undercover to infiltrate the “Gioventù Meloniana,” a group that is part of Meloni’s Fratelli d’Italia party, which has ruled Italy since 2022. The investigation showed videos of several party members making racist remarks against Jewish and Black people, chanting N-words and Nazi slogans, and singing about the fascist dictator, Benito Mussolini.
Do you have more information about Paragon, and this spyware campaign? From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email. You also can contact Read via SecureDrop.
Cancellato said he decided to come out publicly because, as a journalist, his job is to report the news. However, he said he didn’t want to speculate who was behind it. At this point, there are a lot of unanswered questions. including whether his phone was indeed hacked or targeted unsuccessfully, what the hackers were after, and who ordered the attack.
WhatsApp said that the hacking campaign was carried out by Paragon Solutions, an Israeli government spyware maker that reportedly sells a product to spy on encrypted apps, such as WhatsApp and Signal, called Graphite, as Forbes reported in 2021.
A WhatsApp spokesperson did not respond to a request for comment asking if the company could confirm that Cancellato was a target.
The Guardian quoted a person close to the company saying Paragon Solutions sold its products to 35 democratic government clients. And Israeli news outlet Ynetnews reported on Monday that Italy is a Paragon customer.
Also on Monday, The Guardian reported that Sweden-based Libyan activist Husam El Gomati was also notified by WhatsApp as being one of the targets of the hacking campaign. El Gomati has been vocal criticizing Italy’s relationship with Libya, particularly an agreement between the two countries to stop immigrants from crossing the Mediterranean.
Read did not receive a response after contacting the Italian government’s press office email address, as well as to Fabrizio Alfano, the head of Meloni’s press office, via email and WhatsApp.
Paragon Solutions has cultivated a reputation for being a responsible surveillance tech vendor. On its official websitethe company says it “provides our customers with ethically based tools, teams, and insights to disrupt intractable threats.”
An unnamed Paragon Solutions source told The New Yorker last year that the company’s deal with the U.S. Immigration and Customs Enforcement months earlier in September was the result of a vetting process where the company allegedly showed it could prevent its technology from being used by other countries against Americans, but not the U.S. government
Paragon Solutions was acquired in December 2024 by American private equity giant AE Industrial Partners.
Paragon Solutions and AE Industrial did not respond to a request for comment.
WhatsApp’s message to Cancellato suggested he could contact Citizen Lab, a digital rights group at the University of Toronto that has for a decade investigated and exposed spyware abuses all over the world, including Ethiopia, Mexico, Morocco, Saudi Arabia, and Spain.
Cancellato, who said he and Fanpage have contacted the authorities, told Read that he “did what the message asked me to do.”
“It is actually quite strange for a journalist to be spied on in a Western democracy,” said Cancellato, adding that the phone that was targeted was his company device, so “it’s an attack on Fanpage, it’s not an attack on me.”
