Fresh research has revealed that a government client of sanctioned spyware firm Intellexa used its Predator surveillance tool to hack the iPhone of a leading journalist in Angola. According to Amnesty International, the attack targeted Teixeira Cândido, a well-known journalist and press freedom activist, marking another case of powerful commercial spyware being deployed against civil society.
In a report published on Tuesday, Amnesty detailed several hacking attempts in 2024 in which Cândido received malicious links through WhatsApp. After clicking on 1 of the links, his iPhone was infected with Predator spyware. Researchers said forensic traces on the device linked the intrusion to Intellexa’s infrastructure, including infection servers previously associated with the company. The spyware reportedly hid by impersonating legitimate iOS system processes to avoid detection. Hours after clicking the link, Cândido rebooted his phone, which removed the spyware. However, Amnesty noted it remains unclear how the infection succeeded, as the device was running an outdated version of iOS at the time.
Intellexa has been one of the most controversial spyware companies in recent years, operating across multiple jurisdictions and using what a U.S. government official once described as an “opaque web of corporate entities” to mask its activities. In 2024, the outgoing Biden administration imposed sanctions on Intellexa, its founder Tal Dilian and business partner Sara Aleksandra Fayssal Hamou. Earlier this year, the Treasury lifted sanctions against 3 other executives linked to the firm, prompting Senate Democrats to seek answers from the Trump administration.
Amnesty believes Cândido may be 1 of several targets in Angola. Researchers identified multiple domains connected to Predator activity in the country. “The first domains linked to Angola were deployed as early as March 2023, indicating the start of Predator testing or deployment in the country,” the report stated, adding, “It is not currently possible to conclusively identify the customer of the Predator spyware in the country.” Previous investigations have found Predator abuse in Egypt, Greece and Vietnam, where U.S. officials were reportedly targeted via links on X. “We’ve now seen confirmed abuses in Angola, Egypt, Pakistan, Greece and beyond — and for every case we uncover, many more abuses surely remain hidden,” said Donncha Ó Cearbhaill, head of Amnesty’s security lab.
Also read: Viksit Workforce for a Viksit Bharat
Do Follow: The Mainstream LinkedIn | The Mainstream Facebook | The Mainstream Youtube | The Mainstream Twitter
About us:
The Mainstream is a premier platform delivering the latest updates and informed perspectives across the technology business and cyber landscape. Built on research-driven, thought leadership and original intellectual property, The Mainstream also curates summits & conferences that convene decision makers to explore how technology reshapes industries and leadership. With a growing presence in India and globally across the Middle East, Africa, ASEAN, the USA, the UK and Australia, The Mainstream carries a vision to bring the latest happenings and insights to 8.2 billion people and to place technology at the centre of conversation for leaders navigating the future.
