WhatsApp has disrupted a hacking campaign that targeted around 90 users, including journalists and members of civil society, the messaging platform revealed on Friday. The campaign was linked to Paragon, an Israeli spyware maker that was acquired by American private equity giant AE Industrial in December last year.

A WhatsApp spokesperson told TechCrunch that the company had reached out directly to the individuals who were affected by the hacking campaign, which used malicious PDFs sent via WhatsApp groups to compromise targets. WhatsApp has pushed a fix to prevent this mechanism from being exploited in the future.

John Scott-Railton, a senior researcher at Citizen Lab, which has been investigating spyware companies and their abuses, confirmed that they had also observed the hacking campaign by Paragon using the same attack vector and are currently investigating it.

WhatsApp believes the hacking campaign occurred in December and has sent a cease and desist letter to Paragon. This is the first time that Paragon has been publicly linked to a hacking campaign that allegedly targeted journalists and members of civil society.

Paragon, founded in 2019, has managed to maintain a low profile and avoid getting embroiled in scandals like other spyware makers such as Intellexa and NSO Group, which have both been sanctioned by the U.S. government. However, the company did sign a contract with the U.S. Immigration and Customs Enforcement in September, as revealed by Wired last year.

The contract was reportedly awarded after a vetting process that demonstrated Paragon's technology had controls to prevent customers abroad from targeting U.S. residents. However, it remains unclear who the targets of this spyware campaign were.

Natalia Krapiva, senior tech-legal counsel at Access Now, a digital rights organization that investigates spyware abuses, praised WhatsApp's actions. "For some time Paragon has had the reputation of a 'better' spyware company not implicated in obvious abuses, but WhatsApp's recent revelations suggest otherwise," Krapiva said. "This is not just a question of some bad apples — these types of abuses are a feature of the commercial spyware industry."

The incident highlights the ongoing concerns around the use of spyware by governments and private companies to target individuals, including journalists and activists. WhatsApp's actions demonstrate the importance of holding spyware companies accountable for their actions and ensuring that individuals' privacy and security are protected.

The story also raises questions about the role of private equity firms in the spyware industry and their responsibility to ensure that their portfolio companies are not engaging in unlawful activities. AE Industrial, Paragon's parent company, did not respond to a request for comment.

As the use of spyware continues to evolve, it is essential that tech companies, governments, and civil society organizations work together to prevent the misuse of these powerful tools and protect individuals' fundamental rights to privacy and freedom of expression.