Spyware Firm Intellexa Exposed in ‘Leaks’ Revealing Continued Operations Despite Sanctions

A cache of leaked documents has blown the lid off the inner workings of Intellexa, an Israeli spyware firm already under US sanctions for its role in developing and selling the highly invasive ‘Predator’ spyware. The “Intellexa Leaks,” a collaborative investigation by Inside Story, Haaretz, and WAV Research Collective, with technical analysis from Amnesty International, paints a disturbing picture of a company continuing to operate and innovate despite facing international scrutiny.

A Shadowy Industry Thrives

The revelations come at a time of growing global concern over the proliferation of mercenary spyware and its impact on human rights. The spyware industry, once largely confined to state actors, has exploded in recent years, with private companies like Intellexa selling powerful surveillance tools to governments and, worryingly, potentially to other actors with less benign intentions. According to a 2023 Amnesty International report, known as the “Predator Files,” the use of spyware has been linked to abuses targeting journalists, human rights defenders, and political dissidents in countries around the world.

What sets this leak apart, according to Jurre van Bergen, Technologist at Amnesty International’s Security Lab, is the clarity it provides. “This investigation provides one of the clearest and most damning views yet into Intellexa’s internal operations and technology,” he stated. The leaked materials include internal documents, sales pitches, and even training videos, offering an unprecedented glimpse into how the company operates.

Remote Access and Potential Liability

Perhaps the most alarming aspect of the leaks is the suggestion that Intellexa may have retained the ability to remotely access logs from its Predator spyware customers. This means the company could potentially monitor surveillance operations and identify the individuals being targeted. This raises serious questions about the company’s human rights due diligence processes and could open them up to legal liability. If Intellexa was directly involved in the operation of its product, it could be held accountable for any human rights abuses resulting from its misuse.

The implications are significant. The principle of corporate accountability for human rights violations is gaining traction internationally. Companies are increasingly expected to not only avoid causing harm but also to actively prevent it. Intellexa’s potential access to customer logs suggests a level of involvement that goes beyond simply selling a product – it suggests active participation in the surveillance process.

Pakistan and the Expanding Reach of Predator

The leaks corroborate previous reports linking Predator spyware to surveillance attacks, including one against Greek journalist Thanasis Koukakis in 2021, investigated by Citizen Lab. But the investigation also reveals new instances of abuse. Amnesty International’s Security Lab recently uncovered an attack against a human rights lawyer in Pakistan’s Balochistan province via WhatsApp during the summer of 2025, demonstrating the spyware’s continued use in the region.

Balochistan, a province bordering Afghanistan and Iran, has long been a hotbed of separatist insurgency and human rights concerns. The use of spyware against a human rights lawyer there is particularly troubling, suggesting a deliberate attempt to suppress dissent and silence those advocating for the rights of the local population. Pakistan, facing a complex security landscape, has been accused of using surveillance technology to monitor political opponents and activists.

Globally, the use of spyware is a growing threat to democracy and human rights. A 2023 report by the United Nations Special Rapporteur on the promotion and protection of the right to privacy highlighted the need for stronger regulations and oversight of the spyware industry. The report noted that “the unchecked proliferation of spyware poses a serious threat to fundamental freedoms and democratic processes.”

Beyond Predator: The Rise of ‘Aladdin’

Intellexa isn’t resting on its laurels. The leaked documents reveal the development of a new spyware product called ‘Aladdin,’ which can infect mobile phones through online advertisements – a far more insidious and widespread method of deployment than previous techniques. This “watering hole” attack method, as it’s known, allows attackers to compromise devices without the user even clicking on a malicious link. It represents a significant escalation in the sophistication and reach of this type of surveillance technology.

This new capability is particularly concerning because it lowers the barrier to entry for surveillance. Previously, targeting specific individuals required more effort and technical expertise. With Aladdin, attackers can potentially compromise a large number of devices simply by injecting malicious code into popular advertising networks. This could have devastating consequences for privacy and security, particularly in countries with weak cybersecurity infrastructure.

The Intellexa Leaks serve as a stark reminder of the dangers posed by the unregulated spyware industry. As technology continues to advance, it is crucial that governments and international organizations take action to protect fundamental rights and ensure that these powerful tools are not used to suppress dissent or violate privacy. The world is watching, and the future of digital freedom may depend on it.