Italian authorities have confirmed that a journalist notified by WhatsApp last year of a suspected spyware attack on his phone was indeed hacked.
In a press release sent to reporters on Thursday, prosecutors in Rome and Naples, which are investigating the country’s spyware scandal, said a technical report concluded that the phones of journalist Francesco Cancellato and immigration activists Giuseppe Caccia and Luca Casarini all showed signs of being infected with spyware 1 hours ago. 2024.
“The execution of three consecutive attacks on the same night suggests that they may have been part of the same infection campaign,” the technical report said, according to the press release.
The full report is not yet public.
This is the first independent confirmation that Cancellato, who is the director of news website Fanpage, was hacked with spyware. In January 2025, Cancellato and about 90 other people, including journalists and members of civil society, were notified by WhatsApp that they had been targeted with spyware by Paragon Solutions, an Israel-based company now owned by US private equity firm AE Industrial.
According to the press release, Italian judicial authorities inspected the Paragon spyware server used by the AISI intelligence agency to target the phones of its targets. While judicial authorities found evidence of operations against Caccia and Casarini, they did not find evidence of an operation against Cancellato.
It remains unclear who hacked Cancellato’s phone.
Contact us
Do you have more information about Paragon and this or other spyware campaigns? From a non-working device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382 or via Telegram and Keybase @lorenzofb or via email.
By June 2025, an investigation by Italy’s Parliamentary Committee for the Security of the Republic, known as COPASIR, concluded that Italian intelligence services had legitimately targeted Caccia and Casarini, but the committee found no evidence of hacking against Cancellato.
Prosecutors said they would continue their investigation into Cancelato’s hackers.
The Italian government, led by far-right Prime Minister Giorgia Meloni, has denied being behind the Cancelato hack. In response to a reporter’s question during a press conference in January, Meloni said only that her administration was “offering all its assistance and all the answers it can provide to help clarify this issue.”
The Italian government did not respond to TechCrunch’s request for comment.
“We ask for clarity,” Cancellato he said in an article on Thursday. “And we didn’t get it from the government, which kept quiet whenever possible for a year. And when he wasn’t silent, he lied.”
John Scott-Railton, one of the Citizen Lab researchers who investigated the Paragon cases in Italy, said the new revelation about Cancellato’s hack “raises serious questions about why corroboration did not appear in earlier official investigations by Italian authorities.”
In response to the scandal, Paragon, whose spyware is called Graphite, canceled its contracts with Italian government clients.
Spyware scandals spread across Europe
In addition to Caccia, Casarini and Cancellato, there were several other people in Italy identified as spyware targets, including Ciro Pellegrino, who also works at Fanpage and was notified of a suspected attack on his iPhone by Apple last year. Researchers at Citizen Lab later concluded that Pellegrino was hacked with Paragon spyware.
The technical report cited by the prosecutor’s office, however, said it only found evidence of spyware on the phones of Caccia, Casarini and Cancellato, but not Pellegrino and four other alleged victims.
“I’m pretty concerned,” Pellegrino, who said he has yet to see the full technical report, told TechCrunch. “How is it possible that Citizen Lab, an authority on spyware, found evidence that Paragon’s Graphite was on my phone, while Italian prosecutors’ experts did not? And why would Apple send me the alerts? Just kidding?”
Prosecutors in Rome and Naples did not respond to a request for comment.
A spokesperson for Polizia Postale, which is investigating the case, referred TechCrunch to prosecutors.
Paragon, which as of last year had an active contract with US Immigration and Customs Enforcement (ICE), and REDLattice, a company that merged with the spyware maker after being acquired by AE Industrial, did not respond to a request for comment.
Italy is the latest European country in recent years to be embroiled in a spyware scandal, following similar cases in Greece, Hungary, Poland and Spain.
Late last month, a Greek court sentenced Tal Dilian and three other executives at spyware maker Intellexa to eight years in prison for illegal wiretapping and privacy violations.
The conviction was part of the “Greek Watergate” scandal, in which the Greek government was accused in 2022 of hacking the phones of politicians, journalists, businessmen and military officials with Intellexa’s Predator spyware.
