Predator Returns: The Global Elite Are Back in the Crosshairs of the Digital Predator

Whose secrets will turn out to be the next trophy of the attackers?

After numerous sanctions and the publication of information about the Predator spyware, its activity has noticeably decreased. However, according to the latest data from Insikt Group analysts, malicious campaigns using the program are gaining momentum again.

Predator's infrastructure has returned with improved cloaking and evasion techniques, and the main countries where the use of the program has been documented are the Democratic Republic of Congo and Angola.

The Predator, created by Intellexa, poses a serious threat to privacy and security, especially for high-profile individuals such as politicians, businessmen and journalists. Spyware is capable of accessing personal data, messages, contacts, and even using cameras and microphones without users' knowledge.

Analysts note that the new infrastructure of the program has added an additional layer of protection, which makes it even more difficult to identify its users and countries where it is used. Such improvements significantly complicate the work of researchers and cybersecurity specialists.

Despite the changes in infrastructure, the attack methods remain the same: Predator uses so-called "one-click" or "zero-click" attacks, exploiting vulnerabilities in browsers and networks. Although there is no data yet on full-fledged remote attacks, as was the case with Pegasus, the threats posed by Predator remain significant.

Of particular concern is the fact that the targets of espionage using Predator are high-ranking individuals who have sensitive information for government agencies and other attackers. The expensive license to use Predator also suggests that the spyware is being used for strategic purposes.

Experts recommend several measures to protect against spyware: timely software updates, regular reboot of devices, activation of Lockdown Mode, use of mobile device management (MDM) systems, and training employees to recognize phishing attacks.

Despite efforts to regulate and ban the use of spyware, the market for such products continues to grow. This poses new challenges for cybersecurity and governments around the world, requiring enhanced measures to protect the privacy and legality of such tools.

The restoration of the Predator infrastructure demonstrates that the threat from spyware has not disappeared. As the world strives for tighter control, spyware is becoming more and more sophisticated.

 
The return of the Predator: sanctions are powerless against the new digital monster.
Predator is evolving despite bans and exposure of activities.

After the US sanctions, the activity of Intellexa's Predator spyware decreased markedly. However, recent data from Insikt Group suggests that the Predator infrastructure is active again, with improvements aimed at bypassing detection and anonymizing users. This return underscores the continued use of spyware by customers in the Democratic Republic of Congo and Angola.

Initially, after the imposition of sanctions in 2024, it seemed that political efforts to curb spyware began to bear fruit. But new research shows that the Predator has not disappeared, but on the contrary, continues to pose a serious threat to privacy and security, especially for politicians and company executives. At the same time as the return of spyware, operators have introduced new methods to conceal their activities, making it more difficult to trace attacks and their sources.

Predator's infrastructure has been modernized with an additional layer of anonymity, making operational processes even more secretive. This change complicates the task of researchers and information security specialists, making it more difficult to identify the sources of espionage. Despite the updates, the basic methods of operation of the program remain unchanged. Predator likely still uses both click-through and non-user interaction attacks, exploiting browser vulnerabilities and network access to install on targeted devices.

Among the main threats of Predator remains the ability to sneak into devices, which allows attackers to access sensitive data such as messages and contacts, and even activate cameras and microphones without the owner's knowledge. Particularly worrying is that Predator continues to target high-profile individuals, including politicians, journalists, and activists. The use of such software by governments raises serious ethical questions, especially against the backdrop of scandals in Greece and Poland, where it was revealed that spyware was used against the political opposition and journalists.

To counter these threats, Insikt recommends implementing several security measures that can help reduce the risk of devices being infected with Predator. Among them:
  • Regular software updates to fix vulnerabilities that can be exploited by spyware.
  • Periodic device reboots, which can temporarily disrupt malware.
  • Enable restricted access mode on devices to prevent unauthorized access and exploitation attempts.
  • Use of mobile device management (MDM) systems, which allows organizations to control the security of employees' devices.
  • Training employees to counter phishing attacks and other social engineering techniques to reduce the likelihood of falling into the trap of cybercriminals.

The spyware market continues to grow, and the demand for such products is only increasing. Spyware developers are improving their tools to bypass modern security systems. In response to this threat, the international community is actively discussing the issue of regulating spyware technologies. In particular, investigations are already underway in the European Union in order to tighten control over the sale and use of such programs.

The return of the Predator is a reminder that the spyware threat is here to stay. Infrastructure has become more complex and user tracking now requires more effort, but adhering to basic cybersecurity principles can significantly reduce risks. In the future, to prevent the further spread of such threats, it is necessary to strengthen global regulatory measures and coordinate the work of security specialists.
 
The End of the Predator Era: The U.S. Breaks the Threads of Global Cyber Espionage.
The U.S. is taking another step forward in the fight against the international spyware network.

The U.S. Department of the Treasury has sanctioned 5 individuals and 1 company associated with the Intellexa consortium for participating in the development, operation, and distribution of spyware that poses a threat to U.S. national security. The measures taken are in addition to previously imposed sanctions against other members of the consortium, as well as actions by the US Department of Commerce and the US Department of State aimed at limiting the use of such technologies.

Intellexa is an international network of companies that develop and sell spyware under the Predator brand. The program allows you to discreetly access data on victims' devices, including photos, messages, and microphone recordings. Intellexa spyware is used by government organizations and government agencies around the world, and its victims have included officials, journalists, and opposition politicians.

The following individuals and companies fell under the sanctions:
  1. Felix Bitios is the beneficiary of Intellexa, a company that supplied Predator spyware to a government client overseas. He also acted as the manager of Intellexa S.A., a company that is part of the consortium and is already under US sanctions.
  2. Andrea Nicola Constantino Guerme Gambazzi is the beneficiary of Thalestris Limited and Intellexa Limited, which are also part of the Intellexa consortium. Thalestris Limited owns the rights to distribute the Predator spyware and is the parent company of Intellexa S.A. Gambazzi was involved in the processing of financial transactions for other companies within the consortium.
  3. Merom Harpaz is a senior leader of the Intellexa consortium and has also served as a manager of Intellexa S.A.
  4. Panayiota Karaoli is a director of several companies in the Intellexa consortium that are controlled by or are subsidiaries of Thalestris Limited.
  5. Artemis Artemiou is the General Manager and Member of the Board of Cytrox Holdings, a member of the Intellexa consortium. Artemiou is also an employee of Intellexa S.A.
  6. Aliada Group Inc. is a British Virgin Islands-registered company that is part of the Intellexa consortium and has been involved in tens of millions of dollars in transactions related to the network. Aliada Group is controlled by Intellexa founder Tal Jonathan Dilian and is closely associated with Intellexa S.A. and Intellexa Limited. The company also owns shares in Cytrox Holdings.

These individuals and companies were added to the sanctions list for participating in cyber activities aimed at threatening the national security and economic stability of the United States. Activities include the misappropriation of funds, trade secrets, personal data, and financial information for commercial or financial gain.

As a result of the imposed sanctions, all assets of these individuals and organizations located in the United States or under the control of US citizens will be blocked. Any financial transactions involving them in the United States are prohibited without special permission from the Treasury Department.

U.S. citizens and companies are also prohibited from entering into any transactions with these individuals or companies. Financial institutions that continue to cooperate with these individuals may also face sanctions.

The US Treasury Department also recalled that the purpose of sanctions is not to punish, but to change the behavior of violators. Sanctioned organizations and individuals can request to be removed from the list if the conditions are met.

The US Treasury Department imposed sanctions on the consortium itself back in July 2023. At the time, the US government and several research organizations accused Intellexa of trading cyber exploits used to access unprotected software systems.

Predator spyware has been actively used around the world since 2019, targeting Android and iPhone devices. The U.S. Treasury Department claims that the consortium has a "global customer base," including various authoritarian states.
 