Julian-Ferdinand Vögele

Intellexa remotely accessed Predator spyware customer systems, investigation finds It was one of a trio of reports about the spyware vendor over the course of a day, with additional evidence about further infections among the findings.

It was one of a trio of reports about the spyware vendor over the course of a day, with additional evidence about further infections among the findings. via @timstarks.bsky.social cyberscoop.com/intellexa-re...

Intellexa’s Prolific Zero-Day Exploits Continue | Google Cloud Blog Commercial surveillance vendor Intellexa continues to thrive and exploit mobile zero-day vulnerabilities.

Interesting artefact in the uploaded JSKit code used by Intellexa from Google's Threat Intelligence Group.

"//TODO: va bene solo per ios 15 perchè l'exploit è uguale per tutte le version 15.0.x infatti se inferiore a 15.1 restituisce sempre 15.0" - some italian....

cloud.google.com/blog/topics/...

Intellexa Predator cyber tool (spyware hacking user devices) operates across multiple countries, recent targets identified in Pakistan, Kazakhstan, Angola, Egypt, Uzbekistan, Saudi Arabia, and Tajikistan. Among the users are at least 25 countries including Germany, Austria, Switzerland, Qatar, Congo

Predator spyware uses new infection vector for zero-click attacks The Predator spyware from surveillance company Intellexa has been using a zero-click infection mechanism dubbed "Aladdin" that compromised specific targets when simply viewing a malicious advertisement.

The Predator spyware from surveillance company Intellexa has been using a zero-click infection mechanism dubbed "Aladdin" that compromised specific targets when simply viewing a malicious advertisement.

Researchers find Predator spyware is being used in several countries, including Iraq Researchers also found indicators “likely associated” with the use of Predator spyware by an entity tied to Pakistan.

Insikt Group researchers found new evidence of Predator's continued deployment in Iraq and Pakistan. New shell companies and other interconnected firms also discovered and suggest "expanding network footprint."

therecord.media/intellexa-pr...

Toadya our research partners at Google TAG and Recorded Future (@julianferdinand.bsky.social)
) have published their own deep investigations into Intellexa

bsky.app/profile/juli...

🔥 The #IntellexaLeaks
⚠ Νέα διεθνής έρευνα του @insidestory.gr σε συνεργασία με την @haaretzcom.bsky.social, WAV Research Collective και την τεχνική συνδρομή του Εργαστηρίου Ασφαλείας της @amnesty.org προχωρά σήμερα σε σημαντικές αποκαλύψεις: insidestory.gr/article/inte...

Incredible work from our Insikt Group and @julianferdinand.bsky.social

🚨 - New report by Haaretz, Inside Story, Inside-IT and Amnesty International release the Intellexa Leaks. Which exposes Intellexa support staff had access through Teamviewer to customer deployments and confirms found IOC's in the past by civil society. 🧵👇

5️⃣ Εκτός από το Security Lab της Διεθνούς Αμνηστίας, σήμερα δημοσιεύουν επίσης ξεχωριστές εκθέσεις η Google Threat Intelligence Group και η εταιρεία κυβερνοασφάλειας Recorded Future οι οποίες επιβεβαιώνουν τα ευρήματα της έρευνάς μας.

1️⃣ The Intellexa Leaks: Νέα διεθνής έρευνα του #insidestory_gr και της @etriantafillou.bsky.social σε συνεργασία με την ισραηλινή εφημερίδα @haaretzcom.bsky.social, την ομάδα WAV Research Collective στην Ελβετία και την τεχνική συνδρομή του Εργαστηρίου Ασφαλείας της Διεθνούς Αμνηστίας.

Thank you! :)

To Catch a Predator: Leak exposes the internal operations of Intellexa’s mercenary spyware - Amnesty International Security Lab Drawing on leaked internal company documents, sales and marketing material, as well as training videos, the “Intellexa Leaks” investigation gives a never-before-seen glimpse of the internal operations...

And check out the companion blog post by @amnestyuk.bsky.social tech with a detailed peek into Intellexa's setup based on leaked materials 👀

Giveaway: Intellexa can observe all of what their gov clients are doing with their hacking tech and more securitylab.amnesty.org/latest/2025/...

Thank you! :)

Great work showing yet more
mercenary spyware abuses, this time in Iraq and Pakistan involving shady Intellexa and its Predator spyware 👇

Intellexa’s Global Corporate Web

A new report by Insikt Group @julianferdinand.bsky.social identifies several individuals & entities linked to Intellexa & its broader network of associated companies, as well as newly identified activity clusters in 🇮🇶Iraq & indications of activity in 🇵🇰Pakistan.
www.recordedfuture.com/research/int...

Intellexa’s Global Corporate Web

12/ Check out our full report here: www.recordedfuture.com/research/int...

Former Intellexa Employee Testifies to Secret Demonstrations of Spyware to Foreign Intelligence Services - Dnews What emerged in court is that this structure allowed Intellexa to continue operating despite U.S. sanctions. The trial over Greece’s Predator spyware scandal resumed on Tuesday at the Athens Misdemean...

11/ Our report, alongside Amnesty International’s and Google’s, lands as Intellexa’s trial over Greece’s Predator spyware scandal resumed this week at the Athens Misdemeanors Court: www.dnews.gr/eidhseis/new...

Intellexa’s Prolific Zero-Day Exploits Continue | Google Cloud Blog Commercial surveillance vendor Intellexa continues to thrive and exploit mobile zero-day vulnerabilities.

10/ This is consistent with Google’s findings, which indicate continuing activity in these and other countries. They also reported on Intellexa today, noting its extensive use of zero-days (accounting for 16 of the 70 discovered/documented by Google since 2021): cloud.google.com/blog/topics/...

9/ Using Recorded Future’s Network Intelligence, we further mapped Predator activity timelines across multiple clusters. Several, including in Mongolia, Saudi Arabia, and Kazakhstan, remain active today, indicating that sanctions and previous reporting have had only partial impact.

8/ Among Amnesty’s most concerning revelations: at the time the leaked training videos were recorded, Intellexa retained the capability to remotely access Predator customer systems, including those located on-premises within government facilities.

7/ These findings surface as @amnesty.org publishes new insights into “Aladdin,” based on internal corporate leaks such as training videos and marketing documents, released publicly for the first time today: securitylab.amnesty.org/latest/2025/...

6/ Two entities in the advertising sector (also linked to the Czech cluster) may be connected to the “Aladdin” ad-based infection vector, originally revealed by Haaretz and previously tied to the Czech cluster via a leaked 2022 invoice.

5/ We also identified additional entities in Kazakhstan (OOO Seven Hills) and the Philippines (ComWorks) involved in importing Intellexa products, highlighting Intellexa’s continued global corporate expansion.

4/ In at least one instance, a delivery very likely went directly to an end user, offering a rare look into how Intellexa tools reach their final destinations. The timing aligns closely with our prior reporting on the Botswana cluster.

3/ By examining corporate records, infrastructure, and export/import data, we identified an entity (PULSE FZCO) tied to the previously reported Czech cluster that highly likely facilitated shipments of Intellexa products to clients.

2/ This report is one of multiple investigations undertaken in coordination with @amnesty.org and Google, each of which also issued independent, complementary reports today.

Intellexa’s Global Corporate Web

1/ Today we release a new report exposing previously undisclosed entities connected to the wider #Intellexa ecosystem as well as newly identified activity clusters in Iraq and indications of activity in Pakistan: www.recordedfuture.com/research/int...

Former Intellexa Employee Testifies to Secret Demonstrations of Spyware to Foreign Intelligence Services - Dnews What emerged in court is that this structure allowed Intellexa to continue operating despite U.S. sanctions. The trial over Greece’s Predator spyware scandal resumed on Tuesday at the Athens Misdemean...

"What emerged in court - and what carries significant implications beyond Greece - is that this structure allowed Intellexa to continue operating despite 🇺🇸U.S. sanctions imposed on the company and its shareholders over the global deployment of Predator #spyware."

www.dnews.gr/eidhseis/new...

MuddyWater: Snakes by the riverbank MuddyWater targets critical infrastructure in Israel and Egypt, relying on custom malware, improved tactics, and a predictable playbook.

#ESETresearch discovered a new #MuddyWater campaign targeting critical infrastructure in 🇮🇱 Israel and 🇪🇬 Egypt, using a new backdoor – MuddyViper – and a variety of post-compromise tools www.welivesecurity.com/en/eset-rese... 1/7