Intellexa’s Predator Spyware Used to Hack iPhone of Journalist in Angola, Research Says

The revelation that Intellexa’s Predator spyware breached an Angolan journalist’s iPhone adds a new chapter to the growing catalog of state‑linked cyber‑espionage. While the attack leveraged a simple phishing link on WhatsApp, its success hinged on sophisticated code that impersonated iOS system processes, allowing it to slip past conventional security tools. This incident illustrates how even outdated mobile operating systems remain attractive targets for vendors that specialize in stealthy surveillance solutions, raising concerns for journalists and activists who rely on mobile devices for their work.

Intellexa’s ability to operate under a veil of corporate anonymity has frustrated regulatory attempts to curb its reach. Despite the Biden administration’s 2024 sanctions on the firm and its founder Tal Dilian, the company continues to supply its Predator platform to undisclosed government clients, as evidenced by the newly uncovered Angolan domains. The pattern mirrors prior findings in Egypt, Greece, Vietnam and Pakistan, where the same tool was used to monitor political opponents and foreign officials. The persistence of such vendors highlights gaps in export‑control regimes and the difficulty of tracking illicit surveillance networks that span multiple jurisdictions.

For the broader cybersecurity ecosystem, the case reinforces the urgency of developing robust detection mechanisms for mobile spyware and strengthening legal frameworks that hold surveillance providers accountable. Journalists, NGOs, and at‑risk individuals must adopt hardened security practices, such as regular OS updates and cautious link handling, to mitigate exposure. Meanwhile, policymakers are urged to tighten sanctions enforcement and promote transparency in the supply chain of surveillance technologies, ensuring that the tools designed for national security do not become weapons against civil society.