Security researchers have confirmed that two European journalists were targeted using Graphite spyware, a surveillance tool developed by Israeli spyware developer Paragon Solutions. The spyware exploited a zero-click vulnerability in Apple’s iMessage app to gain access to the targeted devices.
The discovery was made by researchers at Citizen Lab, whose report claims that Ciro Pellegrino, a journalist at Italian publication Fanpage.it, and another anonymous reporter were the victims.
Graphite targeted iOS version 18.2.1 and exploited CVE-2025-43200, a zero-day vulnerability that has since been fixed. The vulnerability was patched with the release of iOS 18.3.1 in February 2025, but the CVE identifier was quietly added in an update to Apple’s security advisory on June 11.

The malware was delivered via a maliciously crafted photo or video shared via an iCloud link. The attackers sent these crafted messages to the victim over iMessage, where they exploited CVE-2025-43200 to execute malicious code remotely on the target device. The malware was delivered without any interaction from the user, meaning the targets had no visible clues to indicate that they had been hacked and were under surveillance.
The spyware did clean up after itself, leaving little trace of malicious activity on the targeted devices. However, researchers were able to recover logs that contained evidence of malicious activity, enough to attribute the attack to Paragon’s Graphite with “high confidence.” Once active on the target device, the malware communicated with its command-and-control (C2) server located at https://46.183.184.91, a private server linked to Paragon’s infrastructure. The IP address was hosted on EDIS Global and was reportedly active until at least April 12.
This isn’t the first time the Israeli spyware vendor has been in the headlines either. In February 2025, Paragon Solutions confirmed that it sells its products to the US government and its allies. Its flagship Graphite spyware was caught targeting Italian journalists and activists via WhatsApp in a March 2025 report published by Citizen Lab.