Graphite Caught: First Forensic Confirmation of Paragon's iOS Mercenary Spyware Finds Journalists Targeted
Essential information
- Published
- 12/06/2025 22:00
- Modified
- 13/06/2025 08:49
- Tags
- 2025-06-12 CVE-2025-43200 bigpretzel graphite imessage ios journalists mercenary spyware paragon zero-click attack
- Related entities
- 1 intrusion sets (apt), 2 malware, 2 others
Description
An investigation reveals that two journalists were targeted with Paragon's Graphite mercenary spyware on iOS devices. Forensic analysis confirmed the use of a zero-click attack exploiting a vulnerability (CVE-2025-43200) in iOS 18.2.1. The same attacker targeted both victims, suggesting a coordinated effort against media professionals. The spyware was linked to a specific server and iMessage account. This discovery is part of a broader pattern of spyware use against European journalists, raising concerns about press freedom and digital security. The Italian government acknowledged using Graphite in some cases but denied involvement in targeting certain journalists. The incident highlights the ongoing threat of mercenary spyware to civil society and the need for greater accountability.