The US Immigration and Customs Enforcement (ICE) agency has reinstated a contract with Israeli spyware company Paragon Solutions, now owned by a US private investment firm.
Jack Poulson, an independent journalist and author of the Substack blog All-Source Intelligence, reported that ICE had “lifted the stop work order” on a $2m contract with Paragon on August 30.
The lifting of the order grants the Israeli-founded firm the ability to provide the US agency with ‘Hardware and perpetual license software,’ as shown on the Federal Procurement Data System (FPDS.gov), the US government’s central database for tracking and reporting federal contract actions.
The original $2m contract was signed by Paragon’s US branch based in Chantilly, Virginia, on September 27, 2024.
However, the contract was quickly suspended following a White House review, with a hold being issue on October 8, 2024.
According to Wired, the suspension came after concerns that the contract potentially violated the Biden administration’s March 2023 executive order (EO 14093) limiting US procurement of spyware.
In December 2024, several media outlets reported that AE Industrial Partners, a Florida-based private investment firm, had acquired Paragon Solutions for $500m and intended to merge the Israeli company with REDLattice, a US company part of AE’s portfolio.
Other reports mentioned that REDLattice was the company acquiring Paragon.
According to Poulson, the reinstatement of the contract between ICE and Paragon is expected to show on USASpending.gov by the end of September 2.
Paragon Linked with Spyware Campaigns in Italy
Paragon Solutions was founded in 2019 by Ehud Schneorson, a former commander of Unit 8200, Israel’s signal intelligence agency, with backing from former Israeli Prime Minister Ehud Barak.
In June 2025, Citizen Lab researchers revealed the first forensic evidence that the iPhones of at least two European journalists had been infected with Paragon’s spyware, Graphite.
One of the two targets was Italian journalist Ciro Pellegrino.
“We identify an indicator linking both cases to the same Paragon operator,” Bill Marczak and John Scott-Railton, researchers at the Citizen Lab, confirmed.
Apple later confirmed to the researchers that the zero-click attack deployed in these cases exploited a critical vulnerability (CVSSv3 score of 9.8) in iOS.
The flaw, tracked as CVE-2025-43200, stems from a logic issue when processing a maliciously crafted photo or video shared via an iCloud Link. It was mitigated in the latest iOS version, 18.3.1.
These findings came a few days after the Italian government's parliamentary committee, COPASIR, confirmed in a report that the Italian government had used Paragon's Graphite spyware against two individuals, Luca Casarini and Giuseppe "Beppe" Caccia.
Shortly after the publication of the COPASIR report, the Citizen Lab uncovered that Paragon had offered to help investigate a third victim, Mr. Cancellato, who was also targeted with the same spyware.
However, Italy rejected the offer on June 9, 2025, as reported by Haaretz, with Paragon later claiming it had unilaterally terminated Italy’s contracts.
The Italian Department of Security Intelligence (DIS) defended the rejection, citing national security risks and concerns over damaging its reputation among international intelligence partners, while denying Paragon’s claim of contract termination. Meanwhile, COPASIR clarified that it had declined Paragon’s assistance but instead sought direct access to the company’s databases, also expressing willingness to declassify Paragon’s testimony before the committee.