Italian authorities confirmed that a journalist who was alerted by WhatsApp last year of a suspected spyware attack on his phone was indeed hacked.
In a press release sent to journalists on Thursday, the public prosecutors’ offices in Rome and Naples, which are investigating the spyware scandal in the country, said that a technical report concluded that the phones of journalist Francesco Cancellato, as well as Giuseppe Caccia and Luca Casarini, two immigration activists, all showed traces of having been infected with spyware on the “early hours” of December 14, 2024.
“The execution of three consecutive attacks on the same night suggests that they may have been part of the same infection campaign,” the technical report said, according to the press release.
The full report is not yet public.
This is the first independent confirmation that Cancellato, who is the director of the news website Fanpage, was hacked with spyware. In January 2025, Cancellato and around 90 other people, including journalists and members of civil society, were alerted by WhatsApp that they had been targeted with spyware made by Paragon Solutions, an Israeli-based company now owned by American private equity firm AE Industrial.
According to the press release, Italian judicial authorities inspected the Paragon spyware server used by the intelligence agency, AISI, to target the phones of its targets. While the judicial authorities found evidence of operations against Caccia and Casarini, it found no evidence of an operation against Cancellato.
It remains unclear who hacked Cancellato’s phone.
Contact Us
Do you have more information about Paragon, and this or other spyware campaigns? From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email.
By June 2025, an investigation by the Italian Parliamentary Committee for the Security of the Republic, known as COPASIR, concluded that Italian intelligence agencies had lawfully targeted Caccia and Casarini, but the committee found no evidence of a hack against Cancellato.
The prosecutors’ offices said they will continue to investigate to identify Cancellato’s hackers.
The Italian government, led by far-right prime minister Giorgia Meloni, has denied being behind the hack on Cancellato. In response to a question by the journalist during a press conference in January, Meloni only said that her government “is offering all its assistance and all the answers it can provide to help clarify this issue.”
The Italian government did not respond to TechCrunch’s request for comment.
“We are asking for clarity,” Cancellato said in an article on Thursday. “And we have not received it from the government, which has remained silent whenever possible for a year. And when it didn’t remain silent, it told lies.”
John Scott-Railton, one of the Citizen Lab researchers who investigated the Paragon cases in Italy, said that the new revelation about Cancellato’s hack “raises serious questions about why no confirmation was surfaced in prior official investigations by the Italian authorities.”
In response to the scandal, Paragon, whose spyware is called Graphite, cancelled its contracts with its Italian government customers.
Spyware scandals spread across Europe
Apart from Caccia, Casarini, and Cancellato, there were several other people in Italy who were identified as spyware targets, including Ciro Pellegrino, who also works at Fanpage and was alerted of a suspected attack on his iPhone by Apple last year. Researchers at the Citizen Lab later concluded that Pellegrino was hacked with Paragon spyware.
The technical report mentioned by the prosecutor’s offices, however, said it only found evidence of spyware on the phones of Caccia, Casarini, and Cancellato, but not Pellegrino and another four people who are alleged victims.
“I’m pretty disconcerted,” Pellegrino, who said he has not seen the full technical report yet, told TechCrunch. “How is it possible that Citizen Lab, an authority on spyware, found evidence that Paragon’s Graphite was on my phone, while the Italian prosecutors’ experts did not? And why would Apple send me the alerts? For fun?”
The prosecutor’s offices in Rome and Naples did not respond to a request for comment.
A spokesperson for the Polizia Postale, which is investigating the case, referred TechCrunch to the prosecutor’s offices.
Paragon, which as of last year had an active contract with the U.S. Immigration and Customs Enforcement (ICE), and REDLattice, a company that merged with the spyware maker after the acquisition by AE Industrial, did not respond to a request for comment.
Italy is the most recent European country in recent years to have been embroiled in a spyware scandal, after similar cases in Greece, Hungary, Poland, and Spain.
At the end of last month, a Greek court sentenced Tal Dilian and three other executives of the spyware maker Intellexa to eight years in prison for illegal wiretapping and privacy violations.
The sentencing was part of the so-called “Greek Watergate” scandal, in which the Greek government was accused in 2022 of hacking the phones of politicians, journalists, businesspeople, and military officials with Intellexa’s spyware Predator.
