SUBSCRIBE TO OUR FREE NEWSLETTER
Daily news & progressive opinion—funded by the people, not the corporations—delivered straight to your inbox.
5
#000000
#FFFFFF
5
#000000
#FFFFFF
A digital eye spies on a device's user in this stylized stock image.
(Image by Sean Gladwell/Getty Images)
'Intellexa Leaks' Reveal Wider Reach of Predator Spyware
“This investigation provides one of the clearest and most damning views yet into Intellexa’s internal operations and technology," said Amnesty International Security Lab technologist Jurre van Bergen.
Dec 04, 2025
Highly invasive spyware from consortium led by a former senior Israeli intelligence official and sanctioned by the US government is still being used to target people in multiple countries, a joint investigation published Thursday revealed.
Inside Story in Greece, Haaretz in Israel, Swiss-based WAV Research Collective, and Amnesty International collaborated on the investigation into Intellexa Consortium, maker of Predator commercial spyware. The "Intellexa Leaks" show that clients in Pakistan—and likely also in other countries—are using Predator to spy on people, including a featured Pakistani human rights lawyer.
“This investigation provides one of the clearest and most damning views yet into Intellexa’s internal operations and technology," said Amnesty International Security Lab technologist Jurre van Bergen.
🚨Intellexa Leaks:"Among the most startling findings is evidence that—at the time of the leaked training videos—Intellexa retained the capability to remotely access Predator customer systems, even those physically located on the premises of its govt customers."securitylab.amnesty.org/latest/2025/...
[image or embed]
— Vas Panagiotopoulos (@vaspanagiotopoulos.com) December 3, 2025 at 9:07 PM
Predator works by sending malicious links to a targeted phone or other hardware. When the victim clicks the link, the spyware infects and provide access to the targeted device, including its encrypted instant messages on applications such as Signal and WhatsApp, as well as stored passwords, emails, contact lists, call logs, microphones, audio recordings, and more. The spyware then uploads gleaned data to a Predator back-end server.
The new investigation also revealed that in addition to the aforementioned "one-click" attacks, Intellexa has developed "zero-click" capabilities in which devices are infected via malicious advertising.
In March 2024, the US Treasury Department sanctioned two people and five entities associated with Intellexa for their alleged role "in developing, operating, and distributing commercial spyware technology used to target Americans, including US government officials, journalists, and policy experts."
"The proliferation of commercial spyware poses distinct and growing security risks to the United States and has been misused by foreign actors to enable human rights abuses and the targeting of dissidents around the world for repression and reprisal," the department said at the time.
Those sanctioned include Intellexa, its founder Tal Jonathan Dilian—a former chief commander of the Israel Defense Forces' top-secret Technological Unit—his wife and business partner Sara Aleksandra Fayssal Hamou; and three companies within the Intellexa Consortium based in North Macedonia, Hungary, and Ireland.
In September 2024, Treasury sanctioned five more people and one more entity associated with the Intellexa Consortium, including Felix Bitzios, owner of an Intellexa consortium company accused of selling Predator to an unnamed foreign government, for alleged activities likely posing "a significant threat to the national security, foreign policy, or economic health or financial stability of the United States."
The Intellexa Leaks reveal that new consortium employees were trained using a video demonstrating Predator capabilities on live clients. raising serious questions regarding clients' understanding of or consent to such access.
"The fact that, at least in some cases, Intellexa appears to have retained the capability to remotely access Predator customer logs—allowing company staff to see details of surveillance operations and targeted individuals raises questions about its own human rights due diligence processes," said van Bergen.
"If a mercenary spyware company is found to be directly involved in the operation of its product, then by human rights standards, it could potentially leave them open to claims of liability in cases of misuse and if any human rights abuses are caused by the use of spyware," he added.
Dilian, Hamou, Bitzios, and Giannis Lavranos—whose company Krikel purchased Predator spyware—are currently on trial in Greece for allegedly violating the privacy of Greek journalist Thanasis Koukakis and Artemis Seaford, a Greek-American woman who worked for tech giant Meta. Dilian denies any wrongdoing or involvement in the case.
Earlier this week, former Intellexa pre-sale engineer Panagiotis Koutsios testified about traveling to countries including Colombia, Kazakhstan, Kenya, Mexico, Mongolia, the United Kingdom, and Uzbekistan, where he pitched Predator to public, intelligence, and state security agencies.
The new joint investigation follows Amnesty International's "Predator Files," a 2023 report detailing "how a suite of highly invasive surveillance technologies supplied by the Intellexa alliance is being sold and transferred around the world with impunity."
The Predator case has drawn comparisons with Pegasus, the zero-click spyware made by the Israeli firm NSO Group that has been used by governments, spy agencies, and others to invade the privacy of targeted world leaders, political opponents, dissidents, journalists, and others.
An Urgent Message From Our Co-Founder
Dear Common Dreams reader, It’s been nearly 30 years since I co-founded Common Dreams with my late wife, Lina Newhouser. We had the radical notion that journalism should serve the public good, not corporate profits. It was clear to us from the outset what it would take to build such a project. No paid advertisements. No corporate sponsors. No millionaire publisher telling us what to think or do. Many people said we wouldn't last a year, but we proved those doubters wrong. Together with a tremendous team of journalists and dedicated staff, we built an independent media outlet free from the constraints of profits and corporate control. Our mission has always been simple: To inform. To inspire. To ignite change for the common good. Building Common Dreams was not easy. Our survival was never guaranteed. When you take on the most powerful forces—Wall Street greed, fossil fuel industry destruction, Big Tech lobbyists, and uber-rich oligarchs who have spent billions upon billions rigging the economy and democracy in their favor—the only bulwark you have is supporters who believe in your work. But here’s the urgent message from me today. It's never been this bad out there. And it's never been this hard to keep us going. At the very moment Common Dreams is most needed, the threats we face are intensifying. We need your support now more than ever. We don't accept corporate advertising and never will. We don't have a paywall because we don't think people should be blocked from critical news based on their ability to pay. Everything we do is funded by the donations of readers like you. When everyone does the little they can afford, we are strong. But if that support retreats or dries up, so do we. Will you donate now to make sure Common Dreams not only survives but thrives? —Craig Brown, Co-founder |
Our work is licensed under Creative Commons (CC BY-NC-ND 3.0). Feel free to republish and share widely.
Highly invasive spyware from consortium led by a former senior Israeli intelligence official and sanctioned by the US government is still being used to target people in multiple countries, a joint investigation published Thursday revealed.
Inside Story in Greece, Haaretz in Israel, Swiss-based WAV Research Collective, and Amnesty International collaborated on the investigation into Intellexa Consortium, maker of Predator commercial spyware. The "Intellexa Leaks" show that clients in Pakistan—and likely also in other countries—are using Predator to spy on people, including a featured Pakistani human rights lawyer.
“This investigation provides one of the clearest and most damning views yet into Intellexa’s internal operations and technology," said Amnesty International Security Lab technologist Jurre van Bergen.
🚨Intellexa Leaks:"Among the most startling findings is evidence that—at the time of the leaked training videos—Intellexa retained the capability to remotely access Predator customer systems, even those physically located on the premises of its govt customers."securitylab.amnesty.org/latest/2025/...
[image or embed]
— Vas Panagiotopoulos (@vaspanagiotopoulos.com) December 3, 2025 at 9:07 PM
Predator works by sending malicious links to a targeted phone or other hardware. When the victim clicks the link, the spyware infects and provide access to the targeted device, including its encrypted instant messages on applications such as Signal and WhatsApp, as well as stored passwords, emails, contact lists, call logs, microphones, audio recordings, and more. The spyware then uploads gleaned data to a Predator back-end server.
The new investigation also revealed that in addition to the aforementioned "one-click" attacks, Intellexa has developed "zero-click" capabilities in which devices are infected via malicious advertising.
In March 2024, the US Treasury Department sanctioned two people and five entities associated with Intellexa for their alleged role "in developing, operating, and distributing commercial spyware technology used to target Americans, including US government officials, journalists, and policy experts."
"The proliferation of commercial spyware poses distinct and growing security risks to the United States and has been misused by foreign actors to enable human rights abuses and the targeting of dissidents around the world for repression and reprisal," the department said at the time.
Those sanctioned include Intellexa, its founder Tal Jonathan Dilian—a former chief commander of the Israel Defense Forces' top-secret Technological Unit—his wife and business partner Sara Aleksandra Fayssal Hamou; and three companies within the Intellexa Consortium based in North Macedonia, Hungary, and Ireland.
In September 2024, Treasury sanctioned five more people and one more entity associated with the Intellexa Consortium, including Felix Bitzios, owner of an Intellexa consortium company accused of selling Predator to an unnamed foreign government, for alleged activities likely posing "a significant threat to the national security, foreign policy, or economic health or financial stability of the United States."
The Intellexa Leaks reveal that new consortium employees were trained using a video demonstrating Predator capabilities on live clients. raising serious questions regarding clients' understanding of or consent to such access.
"The fact that, at least in some cases, Intellexa appears to have retained the capability to remotely access Predator customer logs—allowing company staff to see details of surveillance operations and targeted individuals raises questions about its own human rights due diligence processes," said van Bergen.
"If a mercenary spyware company is found to be directly involved in the operation of its product, then by human rights standards, it could potentially leave them open to claims of liability in cases of misuse and if any human rights abuses are caused by the use of spyware," he added.
Dilian, Hamou, Bitzios, and Giannis Lavranos—whose company Krikel purchased Predator spyware—are currently on trial in Greece for allegedly violating the privacy of Greek journalist Thanasis Koukakis and Artemis Seaford, a Greek-American woman who worked for tech giant Meta. Dilian denies any wrongdoing or involvement in the case.
Earlier this week, former Intellexa pre-sale engineer Panagiotis Koutsios testified about traveling to countries including Colombia, Kazakhstan, Kenya, Mexico, Mongolia, the United Kingdom, and Uzbekistan, where he pitched Predator to public, intelligence, and state security agencies.
The new joint investigation follows Amnesty International's "Predator Files," a 2023 report detailing "how a suite of highly invasive surveillance technologies supplied by the Intellexa alliance is being sold and transferred around the world with impunity."
The Predator case has drawn comparisons with Pegasus, the zero-click spyware made by the Israeli firm NSO Group that has been used by governments, spy agencies, and others to invade the privacy of targeted world leaders, political opponents, dissidents, journalists, and others.
From Your Site Articles
Highly invasive spyware from consortium led by a former senior Israeli intelligence official and sanctioned by the US government is still being used to target people in multiple countries, a joint investigation published Thursday revealed.
Inside Story in Greece, Haaretz in Israel, Swiss-based WAV Research Collective, and Amnesty International collaborated on the investigation into Intellexa Consortium, maker of Predator commercial spyware. The "Intellexa Leaks" show that clients in Pakistan—and likely also in other countries—are using Predator to spy on people, including a featured Pakistani human rights lawyer.
“This investigation provides one of the clearest and most damning views yet into Intellexa’s internal operations and technology," said Amnesty International Security Lab technologist Jurre van Bergen.
🚨Intellexa Leaks:"Among the most startling findings is evidence that—at the time of the leaked training videos—Intellexa retained the capability to remotely access Predator customer systems, even those physically located on the premises of its govt customers."securitylab.amnesty.org/latest/2025/...
[image or embed]
— Vas Panagiotopoulos (@vaspanagiotopoulos.com) December 3, 2025 at 9:07 PM
Predator works by sending malicious links to a targeted phone or other hardware. When the victim clicks the link, the spyware infects and provide access to the targeted device, including its encrypted instant messages on applications such as Signal and WhatsApp, as well as stored passwords, emails, contact lists, call logs, microphones, audio recordings, and more. The spyware then uploads gleaned data to a Predator back-end server.
The new investigation also revealed that in addition to the aforementioned "one-click" attacks, Intellexa has developed "zero-click" capabilities in which devices are infected via malicious advertising.
In March 2024, the US Treasury Department sanctioned two people and five entities associated with Intellexa for their alleged role "in developing, operating, and distributing commercial spyware technology used to target Americans, including US government officials, journalists, and policy experts."
"The proliferation of commercial spyware poses distinct and growing security risks to the United States and has been misused by foreign actors to enable human rights abuses and the targeting of dissidents around the world for repression and reprisal," the department said at the time.
Those sanctioned include Intellexa, its founder Tal Jonathan Dilian—a former chief commander of the Israel Defense Forces' top-secret Technological Unit—his wife and business partner Sara Aleksandra Fayssal Hamou; and three companies within the Intellexa Consortium based in North Macedonia, Hungary, and Ireland.
In September 2024, Treasury sanctioned five more people and one more entity associated with the Intellexa Consortium, including Felix Bitzios, owner of an Intellexa consortium company accused of selling Predator to an unnamed foreign government, for alleged activities likely posing "a significant threat to the national security, foreign policy, or economic health or financial stability of the United States."
The Intellexa Leaks reveal that new consortium employees were trained using a video demonstrating Predator capabilities on live clients. raising serious questions regarding clients' understanding of or consent to such access.
"The fact that, at least in some cases, Intellexa appears to have retained the capability to remotely access Predator customer logs—allowing company staff to see details of surveillance operations and targeted individuals raises questions about its own human rights due diligence processes," said van Bergen.
"If a mercenary spyware company is found to be directly involved in the operation of its product, then by human rights standards, it could potentially leave them open to claims of liability in cases of misuse and if any human rights abuses are caused by the use of spyware," he added.
Dilian, Hamou, Bitzios, and Giannis Lavranos—whose company Krikel purchased Predator spyware—are currently on trial in Greece for allegedly violating the privacy of Greek journalist Thanasis Koukakis and Artemis Seaford, a Greek-American woman who worked for tech giant Meta. Dilian denies any wrongdoing or involvement in the case.
Earlier this week, former Intellexa pre-sale engineer Panagiotis Koutsios testified about traveling to countries including Colombia, Kazakhstan, Kenya, Mexico, Mongolia, the United Kingdom, and Uzbekistan, where he pitched Predator to public, intelligence, and state security agencies.
The new joint investigation follows Amnesty International's "Predator Files," a 2023 report detailing "how a suite of highly invasive surveillance technologies supplied by the Intellexa alliance is being sold and transferred around the world with impunity."
The Predator case has drawn comparisons with Pegasus, the zero-click spyware made by the Israeli firm NSO Group that has been used by governments, spy agencies, and others to invade the privacy of targeted world leaders, political opponents, dissidents, journalists, and others.
From Your Site Articles
We've had enough. The 1% own and operate the corporate media. They are doing everything they can to defend the status quo, squash dissent and protect the wealthy and the powerful. The Common Dreams media model is different. We cover the news that matters to the 99%. Our mission? To inform. To inspire. To ignite change for the common good. How? Nonprofit. Independent. Reader-supported. Free to read. Free to republish. Free to share. With no advertising. No paywalls. No selling of your data. Thousands of small donations fund our newsroom and allow us to continue publishing. Can you chip in? We can't do it without you. Thank you.