Italian prosecutors assert that the journalist was hacked using Paragon spyware

A journalist who was alerted by WhatsApp last year to a suspected spyware attack on his phone had indeed been hacked, Italian authorities have confirmed.

In a press release sent to journalists on Thursday, the prosecutors’ offices in Rome and Naples, which are investigating the country’s spyware scandal, said that a technical report concluded that the phones of journalist Francesco Cancellato, as well as Giuseppe Caccia and Luca Casarini, two immigration activists, all showed traces of spyware infection in the “early hours” of December 14, 2024.

“The implementation of three consecutive attacks on the same night indicates that they may have been part of the same infection campaign,” the technical report said, according to the press release.

The full report has not yet been published.

This is the first independent confirmation that Cancelato, the administrator of the news site Fanpage, was hacked with spyware. In January 2025, Cancelato and about 90 other people, including journalists and members of civil society, were alerted via WhatsApp that they had been targeted with spyware made by Paragon Solutions, an Israeli-based company now owned by the US private equity firm AE Industrial.

According to the press release, Italian judicial authorities searched the server of the Paragon spyware used by the intelligence agency AISI to target the phones of its targets. While the judicial authorities found evidence of operations against Caccia and Casarini, they did not find any evidence of an operation against Cancellato.

It remains unclear who hacked Cancelato’s phone.

By June 2025, an investigation by the Italian Parliamentary Committee for the Security of the Republic, known as COPASIR, concluded that Italian intelligence agencies had lawfully targeted Caccia and Casarini, but the committee found no evidence that Cancellato had been hacked.

Prosecutors’ offices said they would continue the investigation to determine the identity of the Cancelato hackers.

The Italian government, led by far-right Prime Minister Giorgia Meloni, denied that it was behind the hacking of Cancellato’s website. In response to a journalist’s question during a press conference in January, Meloni merely said that her government was “offering all its assistance and all the answers it can to help clarify this issue.”

The Italian government did not respond to TechCrunch’s request for comment.

“We ask for clarity,” Cancelato said in an article Thursday. “We did not hear from the government, which remained silent whenever possible for a year, and when it did not remain silent, it lied.”

John Scott-Railton, one of the researchers at Citizen Lab who investigated the Paragon cases in Italy, said the new revelations about Cancellato’s hack “raise serious questions about why no confirmation has emerged in previous official investigations by Italian authorities.”

In response to the scandal, Paragon, whose spyware is called Graphite, canceled its contracts with its Italian government clients.

Spyware scandals spread across Europe

Aside from Caccia, Casarini and Cancellato, there were several other people in Italy who were identified as targets of the spyware, including Ciro Pellegrino, who also works at Fanpage and was alerted to a suspected attack on his iPhone by Apple last year. Researchers at Citizen Lab later concluded that Pellegrino had been hacked using Paragon spyware.

But the technical report cited by the prosecutor’s offices said it only found evidence of spyware on the phones of Caccia, Casarini and Cancellato, but not Pellegrino and four other alleged victims.

“I’m very upset,” Pellegrino, who said he had not yet seen the full technical report, told TechCrunch. “How could Citizen Lab, a spyware expert, have found evidence of Paragon’s Graphite on my phone, when the Italian plaintiffs’ experts did not? And why is Apple sending me alerts? For fun?”

The prosecutor’s offices in Rome and Naples did not respond to a request for comment.

A spokesperson for Polizia Postale, which is investigating the case, referred TechCrunch to the prosecutor’s offices.

Paragon, which had an active contract as of last year with U.S. Immigration and Customs Enforcement (ICE), and REDLattice, a company that merged with the spyware maker after the AE Industrial acquisition, did not respond to a request for comment.

Italy is the latest European country in recent years to be involved in a spyware scandal, after similar cases in Greece, Hungary, Poland and Spain.

At the end of last month, a Greek court sentenced Tal Delian and three other executives at spyware maker Intellexa to eight years in prison for illegal eavesdropping and invasion of privacy.

The ruling was part of the so-called “Greek Watergate” scandal, in which the Greek government was accused in 2022 of hacking into the phones of politicians, journalists, businessmen and military officials using Intellexa’s “Predator” spyware.