Angolan Journalist Compromised by Intellexa’s Predator Spyware

Amnesty International has revealed that a government-affiliated client of the controversial spyware maker Intellexa infiltrated the mobile device of a prominent Angolan journalist,illustrating yet another case where complex phone-hacking technology is deployed against members of civil society.

How Teixeira Cândido’s Device Was Breached

Throughout 2024,Teixeira Cândido-a local journalist and advocate for press freedom in Angola-was targeted with several malicious WhatsApp links. When he interacted with one such link, his iPhone became infected with Predator spyware created by Intellexa.

The Technical Aspects Behind the Spyware Attack

Forensic investigations traced the intrusion back to infection servers linked to Intellexa’s spyware infrastructure. Interestingly, after several hours post-infection, Cândido rebooted his iPhone which successfully removed the malware. The attack exploited security flaws present in an outdated version of iOS running on his device at that time.

the Predator software was designed to disguise itself as legitimate system processes within iOS,allowing it to bypass detection tools and remain hidden on the compromised phone.

A Widespread Pattern of Government Surveillance Misuse

This incident fits into a larger global pattern where governments utilize commercial spyware products like Predator to monitor journalists, political opponents, and activists. Similar abuses have been documented in countries including Egypt, Greece, Vietnam-and even attempts targeting U.S. officials through social media platforms such as X (formerly Twitter).

The Complex Corporate Web Surrounding Intellexa Amid Sanctions

Intellexa operates through intricate corporate structures spread across multiple jurisdictions aimed at evading export controls and regulatory scrutiny. In 2024-the same year this attack occurred-the U.S.government imposed sanctions on Intellexa along with its founder Tal Dilian and business partner Sara Aleksandra Fayssal hamou due to their role in targeting Americans and others worldwide.

Earlier this year though,some sanctions were lifted against three other executives connected with Intellexa’s operations-a decision that raised concerns among Senate Democrats calling for greater openness regarding these moves.

The company’s Continued Activity Despite Legal challenges

Despite mounting legal pressure and public exposure-including leaked internal documents revealing that Intellexa employees had remote access capabilities into clients’ surveillance systems-the company remains actively engaged in deploying its spyware internationally.

Evidences Point Toward Broader Surveillance Efforts Within Angola

An inquiry uncovered multiple internet domains associated with Predator’s infrastructure operating inside Angola since March 2023-suggesting ongoing testing or deployment beyond just this single case involving Cândido.

“While we cannot conclusively determine who ordered this attack within Angola yet,” Amnesty stated,
“the existence of these domains indicates wider surveillance activities may be underway.”

The Global Implications for Press Freedom and Privacy protections

• This event places Angola alongside nations like pakistan and Egypt where confirmed abuses using advanced spyware have recently surfaced;
• Sophisticated digital espionage tools threaten not only personal privacy but also erode democratic values by intimidating journalists;
• Cybersecurity organizations report an approximate 60% rise in digital attacks targeting journalists globally between 2020-2024;
• Civil rights groups warn many incidents go unreported due to fear or lack of technical means for detection;
• This underscores an urgent need for stronger international frameworks regulating commercial surveillance technologies worldwide.

“We’ve now verified abuses across numerous countries-and undoubtedly many more remain concealed beneath layers of secrecy,” remarked Donncha Ó Cearbhaill from Amnesty International’s security lab.