The Italian parliamentary committee confirmed that the Italian government has hacked several activists working to save immigrants at sea using spyware made by Israeli company Paragon. However, the committee said its investigation concluded that no notable Italian journalists were among the victims, leaving key questions about spyware attacks unanswered.
The Parliamentary Committee on Security in the Republic, known as Copasir, released a report on Thursday concluded a multi-month investigation into the use of paragon spyware, known as graphite, across Italy. Israeli newspaper Haaretz first wrote about the report.
In January, WhatsApp began sending notifications to around 90 users, warning that they could be targeted by Paragon's spyware. Several Italian people moved forward after receiving notifications, prompting scandal in Italy. Italy has urged the long history of hosting spyware companies and the government's own use and abuse of spyware.
Since then, Copasir has been investigating allegations with the goal of clarifying exactly what happened.
Copasir specifically investigated the targets of Luca Casarini and Giuseppe Caccia, who work for Georneous Savings Human, an Italian nonprofit organization with a mission to save immigrants trying to cross the Mediterranean. In both cases, the committee concluded that it was legally targeted by Italian intelligence reporting agencies as part of an investigation relating to allegedly promoting illegal immigration to the country.
However, the Copasir committee concluded that there was no evidence that Francesco Cancellato, a journalist who received a notification from WhatsApp, which was the target of Paragon's spyware, was targeted by Italian intelligence agency.
The committee wrote that its representatives were able to query the intelligence agency's spyware database and audit logs for Cancellato's phone number audit logs and could not find any relevant records. The committee also said it had not found evidence of legal demands from the country's top prosecutor's office to spy on Cancerato, nor had it found evidence of the Ministry of Security Information, the Italian top government department overseeing the activities of the two countries' intelligence agencies, AISE and AISI, or the DIS DIS.
The report says Paragon has foreign government customers who could potentially target Italians, leaving it open through the door to see how Cancerato's mobile phone targeting could explain. Copasir provided no evidence to support this theory.
Contact us Do you have any details about Paragon and this Spyware campaign? From non-work devices, you can safely contact Lorenzo Franceschi-Bicchierai with a signal of +1 917 257 1382, via Telegram and Keybase @lorenzofb, or send an email. You can also contact TechCrunch via SecureDrop.
Cancellato is the director of FanPage.it. It is known for several researches on Italian news websites. The investigation revealed that in private, members made racist remarks and chanted fascist songs and slogans.
The report does not mention anything about Cancerato's colleague, Ciro Pellegrino. He was notified by Apple at the end of April that he had targeted government spyware. It is unclear whether Pellegrino is being targeted by Paragon spyware, and Apple notifications have not said anything.
The Italian government and Copasir did not respond to requests for comment asking about Cancerato and Peregrino in particular.
Cancellato responded to the report in an article published Friday, where he questioned Copasir's conclusions about his case and sought a better explanation.
“Is the case closed? It doesn't close at all,” wrote Cancerato.
For John Scott-Railton, a senior researcher at Citizen Lab, for John Scott-Railton, a human rights group investigating Spyware abuse (including recent cases of abuse in Italy), determining who is targeting Cancerato is the biggest question left in the report.
“This report causes the issue of Paragon Solutions as it leaves the most politically sensitive cases unanswered. Who targeted this journalist? This result cannot make Paragon happy.” “The Francesco Cancerato case remains completely unexplained, so all eyes are back in Paragon for answers.”
Scott-Railton also said that Citizen Lab is still investigating Cancellato's case and analyzing his phone and data. Cancello also confirmed this with TechCrunch.
Paragon did not respond to requests for comment.
Copasir also investigated the case of Mattia Ferrari, pastor of the Mediterranean human rescue ship. David Yambio is the president and co-founder of Libyan non-governmental refugees who operate in Italy. Copasir said they found no evidence that Ferrari was targeted, but confirmed that although it is not Paragon's spyware, there is evidence that Invio is a legal target for surveillance.
New details revealed by the investigation
As part of an investigation into the alleged use of spyware by the Italian government, Copasir found information on the use of paragons in the country and requested information from other government agencies, Citizen Lab and WhatsApp owner Meta.
The national anti-mafia prosecutor told Copasir that the Italian prosecutor's office never acquired or used Paragon's spyware, according to the report. (In Italy, all local prosecutors' offices have some freedom in procuring spyware.) The Carabinieri Military Police, the National Polizia di Stato, and the Guardia di Finanza of the Financial Crime Agency, gave the committee the same answer.
Paragon told Copasir that it has contracted with two Italian intelligence agencies, Aise and Aisi. The report said that a representative from Copasir visited DIS and the two agency's offices and looked at Spyware's database and audit logs to see how the agency used Paragon's spyware. Representatives concluded that there was no abuse related to surveillance of people who have advanced as targets of spyware in the past few months.
Copasir's report also revealed new details about how Paragon's Spyware system works behind the scenes. Copasir confirms that to use Paragon's spyware, operators must log in with their username and password, leaving detailed logs that are controlled by the customer and placed on servers that Paragon cannot access. However, according to Copasir, customers cannot delete data from server audit logs.
The committee also revealed details about Paragon and its Italian intelligence news clients Aise and Aisi.
Aise, an Italian foreign intelligence agency that began using graphite on January 23, 2024 after signing the contract a month ago, used Paragon spyware with the goal of investigating “illegal immigrants, fugitive search, fuel smuggling, terrorism, organized crime counter-scission, and safety activities within the agency itself.”
In doing so, the report said that AISE had “very limited” targeted unspecified phone users and accessed both real-time and stored communications sent via end-to-end encrypted apps.
Copasir said that Aisi, the Italian national intelligence agency, began using Graphite in early 2023, and that the contract currently cancelled on November 7, 2025 has expired. Aisi used AISI to use graphite in non-small but private cases related to real-time communication acquisition.
The report said that for each spyware deployment, the agency has appropriate legal approval.
Copasir said there will be an opportunity to confirm Paragon's contracts with Italian customers and confirm that there are clauses banning the use of spyware against journalists and human rights activists.
Following the investigation in March, Citizen Lab released a report on Paragon, which cites governments in Australia, Canada, Cyprus, Denmark, Israel and Singapore as customers of spyware manufacturers.
Last year, American Private Equity Giant AE Industrial reportedly bought Paragon for a deal that could reach $900 million.