A government customer of sanctioned spyware firm Intellexa hacked the phone of a well-known journalist in Angola, Amnesty International says, marking the latest documented case of a civil-society figure being targeted with high-end phone-hacking tools.
In a new report published Tuesday, the human rights group analysed multiple hacking attempts targeting Angolan journalist and press freedom activist Teixeira Cândido. Amnesty said Cândido received a string of malicious links over WhatsApp throughout 2024, part of a sustained effort to compromise his device.
Amnesty’s researchers concluded that Cândido ultimately clicked on one of the links, and his iPhone was infected with Intellexa’s spyware, known as Predator.
The findings again highlight how government customers of commercial surveillance vendors are increasingly deploying spyware against journalists, politicians, and ordinary people — including critics and members of civil society. Prior investigations have turned up signs of Predator misuse in countries including Egypt, Greece, and Vietnam. In Vietnam, the government was reportedly linked to attempts that targeted U.S. officials by sending spyware-laced links on X.
Intellexa has been among the most contentious spyware makers in recent years, operating across multiple jurisdictions in ways critics say help it sidestep export controls. The company has also been accused of relying on what a U.S. government official previously described as an “opaque web of corporate entities” to obscure its operations and activities.
In 2024 — around the same time that an Intellexa customer was allegedly targeting Cândido — the outgoing Biden administration imposed sanctions on Intellexa, along with its founder, Tal Dilian, a nd his business partner, Sara Aleksandra Fayssal Hamou.
Earlier this year, the U.S. Treasury removed sanctions against three other executives associated with Intellexapromptinged Senate Democrats to demand explanations from the Trump administration.
Amnesty said its team connected the intrusions to Intellexa by reviewing forensic evidence recovered from Cândido’s phone. According to the report, the attack infrastructure included infection servers previously tied to Intellexa’s Predator ecosystem.
Several hours after he clicked the malicious link that led to the compromise, Cândido restarted his phone — an action Amnesty said removed the spyware from the device. The organisation noted it could not determine exactly how Predator exploited his iPhone, and said the phone was running an outdated version of iOS at the time of the incident.
Researchers also reported that Predator attempted to remain invisible by masquerading as legitimate iOS system processes, a tactic intended to reduce the chance of detection.
Amnesty believes Cândido may be only one of many potential targets in Angola. The group said it identified multiple domains connected to the spyware maker that appeared to be used in the country, suggesting broader activity than a single operation.
“The first domains linked to Angola were deployed as early as March 2023, indicating the start of Predator testing or deployment in the country,” Amnesty’s researchers wrote. They added that they do not have evidence showing precisely who was behind the hacking of Cândido.
“It is not currently possible to conclusively identify the customer of the Predator spyware in the country,” the report stated.
Last year, based on leaked internal documents, Amnesty and media partners reported that Intellexa employees could access customers’ systems remotely — a capability that could give the spyware maker insight into government surveillance operations. Those disclosures, along with Amnesty’s new findings in Angola, suggest that despite sustained controversy and sanctions, Intellexa has continued operating in recent years.
“We’ve now seen confirmed abuses in Angola, Egypt, Pakistan, Greece, and beyond — and for every case we uncover, many more abuses surely remain hidden,” said Donncha Ó Cearbhaill, head of Amnesty International’s security lab.
Like
0
Dislike
0
Love
0
Funny
0
Angry
0
Sad
0
Wow
0
