Europe
Another member of Italian civil society has gone public about being a target of Paragon spyware. Francesco Nicodemo, a prominent Italian communications executive and political advisor, is the fifth confirmed target of an ongoing spyware scandal in Italy. Citizen Lab first identified the abuse of Paragon’s Graphite spyware against Italian civil society in March 2025, […]
On November 12, Citizen Lab senior researcher John Scott-Railton will partake in the panel titled “From Stasi to Spyware: Old Tactics, New Technology” at Berlin Freedom Week. The session will explore how authoritarian surveillance mechanisms — then and now — affect those targeted, how societies can respond, how solidarity with victims can be strengthened, and what political […]
A new U.K. age-verification law aimed to protect children can push people to seedier parts of the web. Citizen Lab senior researcher John Scott-Railton spoke with the Washington Post about the “law of unintended consequences” faced by regulators. The law “suppresses traffic to compliant platforms while driving users to sites without age verification,” says Scott-Railton. “The more […]
In May 2025, Keir Giles, a well-known expert on Russian military operations, was targeted with a highly sophisticated and personalized phishing attack. Using a method not previously observed by the Citizen Lab, the attacker posed as a U.S. State Department employee to convince Mr. Giles to create and send app-specific passwords for his email accounts, bypassing multi-factor authentication. Google spotted and blocked the attack, attributing it to a Russian state-backed operator.
On April 29, 2025, a select group of iOS users were notified by Apple that they were targeted with advanced spyware. Among the group were two journalists who consented to the technical analysis of their cases. In this report, we discuss key findings from our forensic analyses of their devices.
On May 13, 2025, the Citizen Lab’s senior researcher John Scott-Railton testified before the European Union Parliament’s Committee on Civil Liberties, Justice and Home Affairs (‘LIBE committee’) to share findings from our recent report on the proliferation of Paragon spyware. “When we look at the pie chart of [spyware] targeting to see who was targeted […]
Join us on May 21 for a hybrid workshop that explores digital sovereignty, the methodologies for its study, and the global trend around sovereignty in the digital world. This workshop is co-organized by DIGISOV, CIS CNRS, and GEODE and will take place on May 21, 2025, from 9:30 to 17:00, in Paris 17th (CNRS Pouchet) […]
Our investigation of a spearphishing campaign that targeted senior members of the World Uyghur Congress in March 2025 reveals a highly-customized attack delivery method. The ruse used by attackers replicates a pattern in which threat actors weaponize software and websites aimed at preserving and supporting marginalized and repressed cultures to target those same communities.
In our first investigation into Israel-based spyware company, Paragon Solutions, we begin to untangle multiple threads connected to the proliferation of Paragon’s mercenary spyware operations across the globe. This report includes an infrastructure analysis of Paragon’s spyware product, called Graphite; a forensic analysis of infected devices belonging to members of civil society; and a closer look at the use of Paragon spyware in both Canada and Italy.
A new book co-authored by Siena Anstis, senior legal advisor at The Citizen Lab, is now available for purchase. Transnational Repression and International Law explores the rise of state-sponsored extraterritorial killings and the implications for international law. Order your copy here.
