Donncha Ó Cearbhaill
@donncha.is
Head of Security Lab - Amnesty International
Hunting spyware and unlawful surveillance targeting activists and civil society.
For help with digital forensics or suspect spyware threats contact: https://securitylab.amnesty.org/get-help/
Hunting spyware and unlawful surveillance targeting activists and civil society.
For help with digital forensics or suspect spyware threats contact: https://securitylab.amnesty.org/get-help/
Reposted by Donncha Ó Cearbhaill
Our full report can be found here: securitylab.amnesty.org/latest/2025/...
Haaretz - www.haaretz.com/israel-news/...
InsideStory - insidestory.gr/article/inte...
Inside-IT - www.inside-it.ch/intellexa-le...
Haaretz - www.haaretz.com/israel-news/...
InsideStory - insidestory.gr/article/inte...
Inside-IT - www.inside-it.ch/intellexa-le...
To Catch a Predator: Leak exposes the internal operations of Intellexa’s mercenary spyware - Amnesty International Security Lab
Drawing on leaked internal company documents, sales and marketing material, as well as training videos, the “Intellexa Leaks” investigation gives a never-before-seen glimpse of the internal operations...
securitylab.amnesty.org
December 4, 2025 at 11:37 AM
Our full report can be found here: securitylab.amnesty.org/latest/2025/...
Haaretz - www.haaretz.com/israel-news/...
InsideStory - insidestory.gr/article/inte...
Inside-IT - www.inside-it.ch/intellexa-le...
Haaretz - www.haaretz.com/israel-news/...
InsideStory - insidestory.gr/article/inte...
Inside-IT - www.inside-it.ch/intellexa-le...
🚨 - New report by Haaretz, Inside Story, Inside-IT and Amnesty International release the Intellexa Leaks. Which exposes Intellexa support staff had access through Teamviewer to customer deployments and confirms found IOC's in the past by civil society. 🧵👇
December 4, 2025 at 2:38 PM
Check out the create reporting today from our wonderful colleagues and partners!
bsky.app/profile/etri...
bsky.app/profile/etri...
🔥 The #IntellexaLeaks
⚠ Νέα διεθνής έρευνα του @insidestory.gr σε συνεργασία με την @haaretzcom.bsky.social, WAV Research Collective και την τεχνική συνδρομή του Εργαστηρίου Ασφαλείας της @amnesty.org προχωρά σήμερα σε σημαντικές αποκαλύψεις: insidestory.gr/article/inte...
⚠ Νέα διεθνής έρευνα του @insidestory.gr σε συνεργασία με την @haaretzcom.bsky.social, WAV Research Collective και την τεχνική συνδρομή του Εργαστηρίου Ασφαλείας της @amnesty.org προχωρά σήμερα σε σημαντικές αποκαλύψεις: insidestory.gr/article/inte...
December 4, 2025 at 2:38 PM
Check out the create reporting today from our wonderful colleagues and partners!
bsky.app/profile/etri...
bsky.app/profile/etri...
Significantly Google has also announced threat notifications today, first time ever alerts sent for Predator, to "several hundred accounts across various countries, including Pakistan, Kazakhstan, Angola, Egypt, Uzbekistan, Saudi Arabia, and Tajikistan". 🔥🔥🔥
cloud.google.com/blog/topics/...
cloud.google.com/blog/topics/...
Intellexa’s Prolific Zero-Day Exploits Continue | Google Cloud Blog
Commercial surveillance vendor Intellexa continues to thrive and exploit mobile zero-day vulnerabilities.
cloud.google.com
December 4, 2025 at 2:38 PM
Significantly Google has also announced threat notifications today, first time ever alerts sent for Predator, to "several hundred accounts across various countries, including Pakistan, Kazakhstan, Angola, Egypt, Uzbekistan, Saudi Arabia, and Tajikistan". 🔥🔥🔥
cloud.google.com/blog/topics/...
cloud.google.com/blog/topics/...
Toadya our research partners at Google TAG and Recorded Future (@julianferdinand.bsky.social)
) have published their own deep investigations into Intellexa
bsky.app/profile/juli...
) have published their own deep investigations into Intellexa
bsky.app/profile/juli...
1/ Today we release a new report exposing previously undisclosed entities connected to the wider #Intellexa ecosystem as well as newly identified activity clusters in Iraq and indications of activity in Pakistan: www.recordedfuture.com/research/int...
Intellexa’s Global Corporate Web
www.recordedfuture.com
December 4, 2025 at 2:38 PM
Toadya our research partners at Google TAG and Recorded Future (@julianferdinand.bsky.social)
) have published their own deep investigations into Intellexa
bsky.app/profile/juli...
) have published their own deep investigations into Intellexa
bsky.app/profile/juli...
The leaked materials also forensically confirm Predator’s use in previously documented attacks in Greece and Egypt - validating years of investigations by Amnesty, Citizen Lab & others.
December 4, 2025 at 2:38 PM
The leaked materials also forensically confirm Predator’s use in previously documented attacks in Greece and Egypt - validating years of investigations by Amnesty, Citizen Lab & others.
The level of remote access is more extensive and lax than previously thought. Intellexa staff simply logged in with TeamViewer (!) to a remote Predator customer system.
The video shows staff could see live targeting and infection attempts from EAGLE_2, a customer in Kazakhstan.
The video shows staff could see live targeting and infection attempts from EAGLE_2, a customer in Kazakhstan.
December 4, 2025 at 2:38 PM
The level of remote access is more extensive and lax than previously thought. Intellexa staff simply logged in with TeamViewer (!) to a remote Predator customer system.
The video shows staff could see live targeting and infection attempts from EAGLE_2, a customer in Kazakhstan.
The video shows staff could see live targeting and infection attempts from EAGLE_2, a customer in Kazakhstan.
A leaked training video show a client list (by codename): Dragon, Eagle, Falcon, Flamingo, Fox & more. Our investigation confirms Eagle is Kazakhstan; Phoenix, the 2023 Predator Files investigation found, was Libya.
www.haaretz.com/israel-news/...
www.haaretz.com/israel-news/...
December 4, 2025 at 2:38 PM
A leaked training video show a client list (by codename): Dragon, Eagle, Falcon, Flamingo, Fox & more. Our investigation confirms Eagle is Kazakhstan; Phoenix, the 2023 Predator Files investigation found, was Libya.
www.haaretz.com/israel-news/...
www.haaretz.com/israel-news/...
Shockingly, the leaks shows that Intellexa kept REMOTE ACCESS to Predator systems deployed on government clients’ premises — meaning the company had the potential to see data about surveillance victims in real time..
December 4, 2025 at 2:38 PM
Shockingly, the leaks shows that Intellexa kept REMOTE ACCESS to Predator systems deployed on government clients’ premises — meaning the company had the potential to see data about surveillance victims in real time..
We've found first evidence of active Predator spyware in Pakistan 🇵🇰 - where a human rights lawyer in Balochistan was targeted amid intensified repression against civil society in the country.
securitylab.amnesty.org/latest/2025/...
securitylab.amnesty.org/latest/2025/...
To Catch a Predator: Leak exposes the internal operations of Intellexa’s mercenary spyware - Amnesty International Security Lab
Drawing on leaked internal company documents, sales and marketing material, as well as training videos, the “Intellexa Leaks” investigation gives a never-before-seen glimpse of the internal operations...
securitylab.amnesty.org
December 4, 2025 at 2:38 PM
We've found first evidence of active Predator spyware in Pakistan 🇵🇰 - where a human rights lawyer in Balochistan was targeted amid intensified repression against civil society in the country.
securitylab.amnesty.org/latest/2025/...
securitylab.amnesty.org/latest/2025/...