A government client of the controversial and sanctioned surveillance software maker Intellexa used its Predator spyware to successfully hack into the iPhone of a well-known Angolan journalist, according to a new investigative report released by Amnesty International on Tuesday. This incident once again exposed the serious situation of powerful mobile phone hacking software being used to target members of civil society.

Amnesty International’s Security Lab conducted an in-depth analysis of several hacking attacks against local Angolan journalist and press freedom activist Teixeira Cândido. The report states that Candido received a series of malicious links via WhatsApp during 2024. After eventually clicking on one of the links, his iPhone was implanted with Predator spyware developed by Intellexa. By examining forensic traces on Candido's phone, researchers discovered that the infection server used in the attack was directly related to Intellexa's previous monitoring infrastructure, thus identifying the source of the intrusion.

Technical analysis shows that the "Predator" spyware is extremely stealthy and evades detection by disguising itself as a legitimate iOS system process. Although Candido restarted his phone hours after clicking the malicious link, which cleared the device of spyware, the attackers were still able to exploit the vulnerability because he was using an older version of iOS. Amnesty International pointed out that "Predator"-related domain names related to Angola had been discovered as early as March 2023, which indicates that there may be wider surveillance testing or deployment activities in the country. Candido may be just one of many victims, but it is currently unable to accurately identify the government client who carried out the hacking attack.

Intellexa has been one of the world's most controversial surveillance software vendors in recent years. U.S. government officials have said the company used a complex network of businesses operating in different jurisdictions to circumvent export control laws and conceal its activities. Although the Biden administration had imposed sanctions on the company and its founder Tal Dilian in 2024, earlier this year the Trump administration lifted sanctions on three executives related to Intellexa, a decision that prompted strong questions from U.S. Senate Democrats. Donncha Ó Cearbhaill, head of the Amnesty International Security Lab, warned that cases of abuse of the software have been confirmed in Angola, Egypt, Pakistan, Greece and other places, and that behind every case revealed, there are often more unknown surveillance abuses hidden.