Investigation reveals traces of Graphite spyware on journalist Francesco Cancellato’s phone, raising new questions about surveillance and accountability in Italy.
Italian prosecutors have confirmed that journalist Francesco Cancellato was hacked with Graphite spyware, developed by Israeli surveillance company Paragon Solutions.
The finding comes from a technical investigation by prosecutors in Rome and Naples, which examined several suspected spyware incidents reported last year.
The report concluded that the phones of:
- Francesco Cancellato, editor of news outlet Fanpage
- Immigration activists Giuseppe Caccia and Luca Casarini
all showed evidence of spyware infections in the early hours of December 14, 2024.
Investigators noted that three consecutive attacks occurred the same night, suggesting a coordinated campaign.
First Independent Confirmation of the Hack
The confirmation marks the first independent verification that Cancellato’s phone was compromised.
In January 2025, WhatsApp alerted roughly 90 individuals—including journalists and civil society members—that they had likely been targeted by spyware tied to Paragon.
At the time, the alert raised alarms but did not conclusively prove infection.
The new forensic analysis now confirms that Cancellato’s device contained traces of spyware activity.
However, investigators say it remains unclear who carried out the attack.
Intelligence Agency Server Examined
During the investigation, judicial authorities inspected a Paragon spyware server used by Italy’s intelligence agency AISI.
The review found evidence that the agency had conducted operations targeting Caccia and Casarini.
Those operations were later deemed lawful by Italy’s parliamentary intelligence oversight committee, COPASIR, in June 2025.
However, investigators said they found no records linking the intelligence agency to the attack on Cancellato.
This discrepancy has deepened the mystery surrounding the journalist’s hack.
Government Denies Responsibility
Italy’s government, led by Prime Minister Giorgia Meloni, has denied involvement in the attack.
During a press conference earlier this year, Meloni said the government would provide “all assistance and answers” necessary to clarify the situation.
So far, critics say those answers have been limited.
Cancellato himself has publicly questioned the government’s response.
“We are asking for clarity… and we have not received it from the government,” he wrote in an article addressing the investigation.
Questions About Earlier Investigations
The new confirmation has also raised concerns about earlier official inquiries.
Previously, both Italian authorities and a parliamentary committee had said they found no evidence that Cancellato’s phone was hacked.
Security researchers say the new findings contradict those conclusions.
John Scott-Railton, a researcher at the University of Toronto’s Citizen Lab, noted the discrepancy.
The revelation “raises serious questions about why no confirmation surfaced in prior official investigations.”
Citizen Lab has previously investigated several European spyware campaigns, including cases involving Paragon’s Graphite system.
A Wider European Spyware Scandal
The Italian case is part of a broader wave of spyware scandals across Europe.
Other individuals in Italy have also reported suspected attacks.
Among them is Fanpage journalist Ciro Pellegrino, who received an Apple alert warning his iPhone had been targeted by spyware.
Citizen Lab later said it found evidence that Pellegrino’s phone was infected with Graphite, though prosecutors’ experts reportedly did not confirm this.
Spyware controversies have also surfaced in several other countries, including:
- Greece
- Hungary
- Poland
- Spain
In Greece, courts recently sentenced executives linked to spyware firm Intellexa to eight years in prison for illegal wiretapping tied to the Predator spyware scandal.
Fallout for Paragon
Following the Italian scandal, Paragon reportedly terminated its contracts with Italian government clients.
The company’s Graphite spyware has also drawn scrutiny because of its connections to Western law enforcement agencies.
Paragon is now owned by AE Industrial, a U.S. private equity firm, and has had contracts with organizations including U.S. Immigration and Customs Enforcement (ICE).
The company has not publicly commented on the latest findings.
TL;DR
Italian prosecutors confirmed that journalist Francesco Cancellato was hacked with Paragon’s Graphite spyware in December 2024. While two activists were lawfully targeted by Italian intelligence, investigators found no evidence linking authorities to the attack on Cancellato, leaving the identity of the hackers unknown.
AI Summary
- Italian prosecutors confirm Graphite spyware infection on journalist’s phone.
- Attack occurred December 14, 2024, alongside two other infections.
- Italian intelligence admitted targeting two activists but not the journalist.
- Investigation continues to identify the attacker.
- Case adds to growing spyware scandals across Europe.
