An influential Italian businessman, Francesco Gaetano Caltagirone, was notified via WhatsApp that his phone had been targeted with surveillance software built by Paragon Solutions, according to an investigation by IrpiMedia and La Stampa. The alert was one of dozens sent in a broad wave of warnings to about 90 people, suggesting a coordinated effort rather than a single investigation.

The motive behind the targeting is not known, and a spokesman for Caltagirone’s holding company, Caltagirone SpA, did not return messages from local news outlets seeking comment. The group includes construction, real estate, finance and publishing companies as well as the high-profile daily newspaper Il Messaggero, which makes any attempt to tamper with his device a matter of great public interest.

A Wider Net of Targets Emerges in Italy’s Spyware Case

If the reports are true, Caltagirone would be the most prominent business figure among the reported targets of Paragon spyware in Italy. Previous revelations focused on journalists at Fanpage, including Francesco Cancellato and Ciro Pellegrino, as well as civil society actors such as Luca Casarini and Giuseppe Caccia, the leaders of rescue NGO Mediterranea Saving Humans. The inclusion of a prominent business figure suggests the targeting extends beyond the usual surveillance targets such as investigative media and migration advocates.

Italian media have also reported that, after news of the surveillance of reporters emerged, Paragon severed its relationships with government customers in Italy. That rift highlights how public scrutiny can shatter commercial ties in the opaque market for “lawful intercept” tools: software licensed to governments that has been repeatedly misused across the world.

How WhatsApp Alerts Warn Targets of Spyware Threats

WhatsApp has been alerting users it believes were targeted by state-backed spyware since it made public a high-profile hacking attempt over two years ago. The platform does not specify what technical indicators are included in each alert, but the alerts commonly recommend emergency device updates and increased security measures. Apple runs a similar program, and has said that it informed users in over 150 countries about suspected mercenary spyware, an indication of how widely these operations have spread.

Contemporary mobile implants increasingly depend on zero-click exploits delivered through messaging, push notifications or baseband channels, which compromise the device without any interaction from the victim.

Once installed, they can exfiltrate messages, files and location data and activate the microphone or camera. Security labs including Citizen Lab and Amnesty International’s Security Lab have repeatedly documented these capabilities across a variety of vendors.

Paragon’s Place In An Overscrutinized Industry

Paragon Solutions, based in Israel, advertises itself as an “ethical” provider to carefully vetted government customers. The business was purchased by U.S. private equity group AE Industrial Partners in a deal announced last year, and media reported that it planned to merge with cybersecurity contractor REDLattice. Paragon’s tools, according to researchers and media, are high-end implants targeting mobile devices that compete with other vendors’ products (remote tasking, file and data exfiltration, communications surveillance) in a very crowded field.

Italy has a fraught relationship with surveillance tech. A 2015 hack of Milan-based Hacking Team exposed its intrusion-software sales. Lookout and Google’s Threat Analysis Group later concluded that Italian vendor RCS Lab’s “Hermit” spyware was in use in Italy and beyond. An Italian-produced spyware, called Exodus, led to a domestic scandal last year about mishandled deployments. The incidents have helped inspire demands for stronger procurement controls, clearer legal standards and independent oversight.

What This Means for Italy, Its Media, and Europe at Large

The targeting of a prominent business leader raises new questions about who authorizes surveillance and under what circumstances. The European Parliament, in its PEGA Committee report, has called on member countries to limit the use of spyware to exceptional circumstances with strict judicial controls, a high degree of oversight and an effective remedy for victims. Privacy regulators have cautioned that broad or excessive use can infringe upon the EU Charter of Fundamental Rights and data protection rules under GDPR and ePrivacy legislation.

For companies that own media assets, the stakes are higher. Even a single compromised executive device can expose a large volume of sensitive communications within the newsroom and beyond it, from business negotiations to source material, chilling reporting while also distorting markets. Transparency about procurement chains and about oversight mechanisms, from ministries down to intelligence services and courts, will be crucial to restoring confidence.

Protection Strategies for High-Profile Targets and Teams

Security experts recommend frequent updating of the OS, enabling automatic patching, and limiting the attack surface by disabling unnecessary messaging previews and dangerous plugins. On iOS, Lockdown Mode reduces some functionality but massively increases the cost of exploitation for mercenary spyware. Safelisting users, regular device upgrade cycles, a clear separation between personal and work phones, and controlled access to encrypted apps through managed configurations can help reduce exposure as well.

Just as critical is a response plan: preserve evidence, engage a reliable incident response team and work with the platform security teams that notify users when they have been targeted. Civic organizations such as Access Now’s Digital Security Helpline and leading academic labs offer guidance for at-risk users, including journalists, activists and executives.

What We Still Don’t Know About the Paragon Spyware Case

Crucial information is missing: the legal authority for the operation, how the infection was introduced and whether it succeeded. Paragon and WhatsApp did not respond to requests for comment in local coverage, and Italian authorities have not released public information. The key test, as more and more names come to light in the current wave of January notifications, is whether oversight bodies can credibly assess claims of necessity and proportionality and, when wrongful use does occur, establish accountability.