European Spyware Scandals Involving Predator and Paragon Targeting Journalists and Civil Society
A Greek court sentenced four Intellexa executives to eight years in prison for their role in the “Predatorgate” spyware scandal, which involved use of Predator spyware against 90+ public figures. Prior investigations by The Citizen Lab and others documented Predator’s presence in Greece and confirmed infections on devices belonging to journalist Thanasis Koukakis and former Meta trust-and-safety manager Artemis Seaford, marking a rare case where executives at a mercenary spyware firm faced criminal conviction and prison time.
In Italy, prosecutors in Rome and Naples confirmed via a technical report that journalist Francesco Cancellato and immigration activists Giuseppe Caccia and Luca Casarini showed traces consistent with Paragon Solutions spyware infections during the early hours of 2024-12-14, suggesting a coordinated infection campaign. Italian authorities also inspected a Paragon spyware server used by the intelligence agency AISI and found evidence of operations against Caccia and Casarini but not against Cancellato, leaving attribution for Cancellato’s compromise unresolved; the case follows WhatsApp notifications to roughly 90 people warning they were targeted with Paragon spyware.
Timeline
Mar 26, 2026
Rights groups confirm Predator surveillance of Angolan journalist
Reporter ohne Grenzen and Amnesty International said they confirmed that Angolan journalist Teixeira Cândido was hacked and surveilled with Intellexa’s Predator spyware. The report also links the spyware’s sale in Angola to the intelligence service SINSE through leaked commercial documentation.
Mar 5, 2026
Greek court sentences four Intellexa executives to prison
A Greek court sentenced four Intellexa executives, including the company's founder, to eight years in prison over their role in the Predator spyware scandal. Citizen Lab described it as the first known prison sentence for executives of a mercenary spyware company.
Mar 5, 2026
Italian prosecutors confirm spyware traces on Cancellato and activists
Prosecutors in Rome and Naples confirmed through a technical report that Francesco Cancellato, Giuseppe Caccia, and Luca Casarini showed traces of spyware infection, while attribution for Cancellato remained unresolved.
Jun 1, 2025
Paragon reportedly cancels Italian government contracts
Amid the widening spyware controversy in Europe, Paragon reportedly canceled its contracts with the Italian government.
Jun 1, 2025
COPASIR inquiry finds lawful targeting of two Italian activists
A June 2025 COPASIR inquiry concluded that Italian intelligence lawfully targeted Giuseppe Caccia and Luca Casarini, but found no evidence explaining the compromise of Francesco Cancellato.
Jan 1, 2025
WhatsApp warns about 90 Paragon-linked spyware targets
In January 2025, WhatsApp warned Francesco Cancellato and about 90 others that they had been targeted in a campaign linked to Paragon Solutions' spyware.
Dec 14, 2024
Paragon spyware infections hit Italian journalist and activists
A technical report later found traces of spyware infection on journalist Francesco Cancellato and immigration activists Giuseppe Caccia and Luca Casarini in the early hours of December 14, 2024, indicating a coordinated campaign.
Jan 1, 2022
Citizen Lab confirms Predator infections on Koukakis and Seaford phones
Citizen Lab later confirmed Predator spyware infections on the phones of journalist Thanasis Koukakis and former Meta trust and safety manager Artemis Seaford.
Jan 1, 2022
Predator spyware scandal targets more than 90 public figures in Greece
In 2022, the Predatorgate scandal emerged in Greece involving the targeting of more than 90 public figures with Predator spyware.
Dec 1, 2021
Citizen Lab publishes evidence of Predator spyware activity in Greece
Citizen Lab first published evidence of Predator spyware activity in Greece, helping expose what later became known as the Predatorgate scandal.
See the full picture in Mallory
Mallory subscribers get deeper analysis on every story, including:
Who’s affected and how
Deep-dive technical analysis
Actionable next steps for your team
IPs, domains, hashes, and more
Ask questions and take action on every story
Filter by topic, classification, timeframe
Get matching stories delivered automatically
Related Entities
Organizations
Sources
Related Stories
Intellexa Executives Sentenced in Greece Over Predator Spyware Wiretapping Scandal
A Greek court in Athens sentenced **Intellexa** founder **Tal Dilian** and three associates—**Sara Hamou**, **Felix Bitzios**, and **Yiannis Lavranos**—to prison for their roles in the “Greek Watergate” spyware scandal involving illegal wiretapping and privacy violations tied to Intellexa’s *Predator* spyware. Local reporting cited by multiple outlets indicates the court imposed sentences totaling more than **126 years**, which under Greek law translate to **eight years** to be served; the court also ordered further investigation, and the defendants are expected to **appeal** and remain free pending the appeal process. The case stems from allegations that *Predator* was used to surveil Greek targets including **politicians, journalists, businesspeople, military officials, and other public figures**, with reporting citing **more than 90** victims in Greece during **2020–2021**. Lavranos’s company **Krikel** was reported to have links to the procurement of *Predator*. The convictions mark a notable legal milestone against a commercial spyware vendor; Intellexa and associated entities have also faced international scrutiny, including **U.S. sanctions** in 2024 over alleged misuse of the spyware, and experts noted the guilty verdict and custodial sentence could increase cross-border legal exposure even if defendants attempt to avoid Greek jurisdiction.
1 months ago
Targeting of Italian Political Adviser with Paragon Graphite Spyware
Francesco Nicodemo, a prominent Italian political adviser and communications executive, was identified as the fifth Italian individual targeted with Paragon’s Graphite spyware. Nicodemo, who has managed numerous election campaigns and is known for his work with center-left political candidates, was notified by WhatsApp of evidence linking his device to the spyware. The attack was later confirmed by Citizen Lab’s John Scott-Railton, highlighting ongoing concerns about the use of invasive surveillance tools against political figures in Italy. The Italian government has acknowledged using Paragon spyware in some cases but denies involvement in all incidents, particularly those involving journalists. The growing number of unexplained infections, now totaling at least 90 victims notified by WhatsApp, underscores the broader issue of government surveillance and the targeting of individuals involved in politics and elections. Experts have raised alarms about the human rights implications of such spyware, calling for greater transparency and potential bans on its use.
1 months ago
Predator Spyware Infection of Angolan Journalist via WhatsApp Links
Amnesty International reported that the iPhone of Angolan journalist and press freedom advocate **Teixeira Cândido** was infected with **Intellexa’s Predator spyware** after he received multiple **malicious links via WhatsApp** in 2024. According to the investigation, Cândido was messaged from an unknown Angolan number over several weeks; he clicked one link on **May 4, 2024**, after which Predator was installed, and the spyware was later removed the same day when the device was restarted. Amnesty described this as the **first documented Predator case in Angola**, and said attribution remains unclear, though the activity is consistent with use by a government customer. The reporting underscores continued alleged abuse of commercial spyware against civil society despite international pressure on Intellexa. Intellexa and associated individuals have faced U.S. actions including placement on the **Entity List** and subsequent **sanctions** (with later changes to some designations noted in coverage), yet Predator has been repeatedly linked to targeting of journalists and officials in multiple countries. Amnesty’s findings add to prior public reporting on Predator’s use in places such as **Greece, Egypt, and Vietnam**, reinforcing the ongoing risk posed by link-based mobile spyware delivery through common messaging platforms like WhatsApp.
1 months ago