Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
A government agent of sanctioned spyware maker Intellexa has hacked into the phone of a prominent journalist in Angola, according to Amnesty International, in the latest case of someone in civil society being targeted with powerful phone-hacking software.
The human rights organization published a new report on Tuesday analyzing several hacking attempts against local journalist and press freedom activist Teixeira Candido, in which a series of malicious links were sent via WhatsApp during 2024.
Amnesty International found that Candido eventually clicked on one of these programs, and his iPhone was hacked using spyware from Intellexa, dubbed Predator.
New research shows once again that government agents Commercial surveillance vendors Spyware is increasingly being used to target journalists, politicians and other ordinary citizens, including critics. Researchers have previously found evidence of predator abuse in… Egypt, GreeceAnd Vietnam where the government It reportedly targeted US officials By sending spyware via links on X.
Contact us
Do you have more information about Intellexa? Or other spyware makers? From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, via Telegram and Keybase @lorenzofb, or Email.
Intellexa It is one of the most controversial spyware makers of the past few years, operating from various jurisdictions to circumvent export laws, and using an “opaque network of commercial entities” — a US government official said. Put it down At that time – to hide its activities.
In 2024, around the same time, an Intellexa agent was targeting Cândido with its own spyware, imposed by the outgoing Biden administration The company, in addition to its founder, Tal Dillian, and his business partner, Sarah Alexandra Faisal Hamo.
Earlier this year, the Treasury Department Lifting sanctions against three other Intellexa-related executives, a decision left up to Senate Democrats Prompt answers From the Trump administration.
Dillian did not respond to a request for comment.
Amnesty International researchers wrote in the report that they linked the intrusions to Intellexa by examining forensic traces found on Candido’s phone. Intellexa used infection servers that were previously linked to the company’s spyware infrastructure, AI said.
Several hours after clicking on the link that led to his phone being hacked, Candido rebooted his phone, which erased the spyware from his device. Amnesty International said it was not clear how the spyware was able to hack into Candido’s phone, as his phone was running an old version of the iOS operating system at the time.
The researchers found that the Predator remained hidden by impersonating legitimate iOS processes to avoid detection.
Amnesty International believes Candido may be just one of many targets in the country, based on its findings that they were able to find multiple domains linked to the maker of spyware used in Angola.
“The first domains associated with Angola were deployed as early as March 2023, suggesting Predator testing or deployment had begun in the country,” Amnesty International researchers wrote, adding that they had no evidence to determine who exactly hacked Candido.
“It is not currently possible to conclusively determine the identity of the Predator spyware agent in the country,” the report said.
Last year, based on leaks of internal documents, Amnesty International and media organizations revealed that Intellexa employees He had the ability to access customer systems remotelywhich could give the spyware maker visibility into government surveillance operations.
These leaks, like this report, show that despite the controversy and sanctions, Intellexa has remained active in recent years.
“We have now seen confirmed abuses in Angola, Egypt, Pakistan, Greece and other countries – and for every case we uncover, many more abuses are sure to remain hidden,” said Donncha O Kerbhill, head of Amnesty International’s Security Lab.