Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
Clients of government-licensed spy software Intellexa hacked the phone of a prominent Angolan journalist, according to Amnesty International, the latest case involving a mastermind behind a powerful phone-hacking program.
The human rights organization released a new report on Tuesday examining several attempts by local journalist and press freedom activist Teixeira Cândido, when he sent her malicious links via WhatsApp in 2024.
Cândido then clicked one and his iPhone was hijacked by Intellexa’s spyware, called Predator, Amnesty found.
New research also shows that government customers a salespeople they are using espionage programs that are widely used to target journalists, politicians, and other ordinary citizens, including dissidents. Researchers have found evidence of Predator aggression Egypt, Greeceand Vietnam, where the government they are said to be fighting against the US authorities by sending spyware through links on X.
contact us
Do you have information about Intellexa? Or spyware developers? From a non-working device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email.
Intellexa is one of the most controversial spy software developers of the past few years, operating from various jurisdictions to export laws, and using the “invisible corporate web” – as a US government official. install it at that time – to hide his activities.
In 2024, around the same time one of Intellexa’s clients is targeting Cândido with spyware. outgoing administration Biden agreed the company, and its founder Tal Dilian and his business partner Sara Aleksandra Fayssal Hamou.
Earlier this year, the Treasury sanctions were lifted against three other officials tied to Intellexa, a decision that left Senate Democrats difficult answers from the Trump administration.
Dilian did not respond to a request for comment.
Amnesty researchers wrote in the report that they linked the intervention to Intellexa by investigating data found on Cândido’s phone. Amnesty said Intellexa used servers that were already connected to the company’s spying systems.
A few hours after clicking on the link that caused his phone to crash, Cândido restarted his phone, which wiped the spyware off his device. Amnesty said it was unclear how the spyware was able to hack Cândido’s phone, as his phone was running an old version of iOS at the time.
The researchers discovered that the Predator was hidden using the official iOS techniques to avoid detection.
Amnesty believes that Cândido could be one of many targets in the country, based on their findings that they were able to access several sites linked to a spy software developer used in Angola.
“The first connected areas in Angola were sent in early March 2023, indicating the start of the Predator test or deployment in the country,” wrote Amnesty researchers, who added that they had no evidence to prove who kidnapped Cândido.
“At this time it is not possible to determine the client of the Predator spy software in this country,” the report read.
Last year, based on the release of internal documents, Amnesty and media organizations revealed that Intellexa employees had the ability to access customer behavior remotelywhich can give the spyware developer visibility into government surveillance.
These releases, like this report, show that despite the controversy and sanctions, Intellexa has been working in recent years.
“We have now seen confirmed abuses in Angola, Egypt, Pakistan, Greece, and beyond – and in everything we have found, many other abuses are hidden,” said Donncha Ó Cearbhaill, head of Amnesty International’s security laboratory.
