A prominent journalist in Angola was targeted by a government customer of Intellexa, a sanctioned spyware maker, according to Amnesty International. This incident highlights the increasing use of powerful phone-hacking software to target individuals in civil society.
Amnesty International published a report on Tuesday detailing hacking attempts against Teixeira Cândido, a local journalist and press freedom activist, who received malicious links via WhatsApp in 2024.
Cândido unknowingly clicked on one of the links, leading to his iPhone being hacked with Intellexa’s spyware, known as Predator, as revealed by Amnesty.
The report underscores the trend of government customers using spyware from commercial surveillance vendors to target journalists, politicians, and ordinary citizens, including critics. Previous instances of Predator abuse have been documented in countries like Egypt, Greece, and Vietnam.
Contact Us
Do you have more information about Intellexa or other spyware makers? Contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email.
Intellexa has faced controversy for its operations aimed at circumventing export laws and its use of a complex network of corporate entities to conceal its activities, according to a U.S government official.
In parallel with the targeting of Cândido, the outgoing Biden administration imposed sanctions on Intellexa, its founder Tal Dilian, and business partner Sara Aleksandra Fayssal Hamou in 2024.
Despite the lifting of sanctions against other Intellexa executives earlier this year, questions remain regarding the company’s activities, with Dilian declining to comment.
Image Credits: Amnesty International
Amnesty’s forensic analysis linked the hacking incidents to Intellexa, citing traces found on Cândido’s phone and the use of infection servers associated with the company’s spyware infrastructure.
Despite running an outdated iOS version, Cândido’s phone was compromised by Predator, which evaded detection by masquerading as legitimate iOS processes.
Amnesty suspects that Cândido is just one of many targets in Angola, as evidenced by multiple domains linked to Intellexa’s spyware in the country.
Further investigations revealed the deployment of Predator-related domains in Angola as early as March 2023, suggesting ongoing surveillance activities.
While the identity of the hacker remains unknown, leaks have shown that Intellexa employees had remote access to customer systems, raising concerns about the extent of government surveillance facilitated by the company.
Despite facing scrutiny and sanctions, Intellexa continues to operate, with Amnesty expressing concerns about undisclosed abuses in various countries.
“Confirmed abuses in Angola, Egypt, Pakistan, Greece, and beyond highlight the pervasive nature of surveillance technologies like Predator,” said Donncha Ó Cearbhaill, head of the security lab at Amnesty International.
