According to an official from Meta's WhatsApp communication application, Israeli spyware firm Paragon Solutions targeted a large number of its users, including journalists and civil society representatives.

Following the incident, WhatsApp issued Paragon a cease-and-desist letter, according to an official on Friday. In a statement, WhatsApp stated that it "will continue to protect people's ability to communicate privately," while the Israeli firm declined to comment. 

WhatsApp officials informed Reuters that they had discovered an attempt to hack about 90 users of the platform, ranging from civil society to media members. One official revealed WhatsApp stopped the hacking attempt and was referring targets to the Canadian online watchdog group Citizen Lab.

The official refused to reveal how it determined that Paragon was responsible for the hack, detailing that law enforcement and industry partners had been notified but declined to go into detail.

According to Citizen Lab researcher John Scott-Railton, the discovery of Paragon malware targeting WhatsApp users "is a reminder that mercenary spyware continues to proliferate, and as it does, so do we see familiar patterns of problematic use."

Israeli spyware firms like NSO group and Pegasus, have in the past claimed their services to governments are crucial to combating crime and preserving national security while in effect engaging in espionage activities against journalists, activists, and opposition lawmakers, raising worries. 

Natalia Krapiva, senior tech-legal counsel at the advocacy organization Access Now, stated that Paragon had the reputation of being a superior spyware firm, "but WhatsApp's recent revelations suggest otherwise."

"This is not just a question of some bad apples — these types of abuses (are) a feature of the commercial spyware industry."

US judge rules Israeli NSO Group liable for WhatsApp hacking

Last month, a US judge ruled in favor of WhatsApp in a lawsuit against "Israel's" NSO Group, accusing the company of exploiting a vulnerability in the app to install spy software for unauthorized surveillance.

US District Judge Phyllis Hamilton in Oakland, California, granted WhatsApp's motion and determined NSO was liable for hacking and breach of contract.

The case is now set to move to trial to address the issue of damages, according to Hamilton. However, the NSO Group did not immediately comment on the ruling.

A senior researcher at the Canadian internet watchdog Citizen Lab, John Scott-Railton — who uncovered NSO's Pegasus spyware in 2016 — described the ruling as a landmark decision with "huge implications for the spyware industry."

In an instant message he said, “The entire industry has hidden behind the claim that whatever their customers do with their hacking tools, it's not their responsibility,” adding, “Today's ruling makes it clear that NSO Group is in fact responsible for breaking numerous laws.”

NSO history of unauthorized access 

In 2019, WhatsApp took legal action against NSO, requesting an injunction and damages, accusing the company of hacking WhatsApp's servers six months earlier to deploy Pegasus spyware on victims' devices.

The lawsuit claimed the breach led to the surveillance of 1,400 individuals, including journalists, human rights defenders, and political dissidents.

To justify its actions, NSO argued that Pegasus helps law enforcement and intelligence agencies counter crime and protect national security, while its technology intends to catch terrorists, pedophiles, and hardened criminals.