Intellexa spyware consortium sustains operations under US sanctions
Threat Actor Meta
Summary
Hide ▲
Show ▼
Intellexa's spyware ecosystem is still operating despite extensive US sanctions, showing that the consortium can keep selling and innovating across a multi-entity structure. New findings tie the group to a fresh zero-click infection vector, Aladdin, and to continued exploitation of mobile browsers. The development matters because it shows a sanctioned spyware vendor retaining market reach and adapting its delivery chain rather than disappearing.
Related Happenings
OFAC removes Intellexa-linked individuals from sanctions list
Regulatory/Legal Action
First: 31.12.2025 07:17
Last: 31.12.2025 07:17
Sources 1
About this happening:
**OFAC** removed **three individuals linked to Intellexa Consortium** from the sanctions list, easing restrictions on people previously designated over **Predator spyware** activi...
OFAC removes Intellexa-linked individuals from sanctions list
Regulatory/Legal ActionAbout this happening: **OFAC** removed **three individuals linked to Intellexa Consortium** from the sanctions list, easing restrictions on people previously designated over **Predator spyware** activi...
Intellexa Predator spyware delivery and device-data exfiltration
Malware Activity
First: 05.12.2025 13:47
Last: 05.12.2025 13:47
Sources 1
About this happening:
Intellexa's **Predator** spyware was used in a **new 1-click targeting attempt** against a **civil society lawyer in Pakistan**, underscoring continued mobile surveillance operati...
Intellexa Predator spyware delivery and device-data exfiltration
Malware ActivityAbout this happening: Intellexa's **Predator** spyware was used in a **new 1-click targeting attempt** against a **civil society lawyer in Pakistan**, underscoring continued mobile surveillance operati...
Predator spyware Aladdin zero-click ad-delivery
Malware Activity
First: 04.12.2025 22:47
Last: 04.12.2025 22:47
Sources 1
About this happening:
**Predator spyware** from Intellexa is using **Aladdin**, a **zero-click** ad-based infection path, to compromise selected targets without requiring a click. The activity matters...
Predator spyware Aladdin zero-click ad-delivery
Malware ActivityAbout this happening: **Predator spyware** from Intellexa is using **Aladdin**, a **zero-click** ad-based infection path, to compromise selected targets without requiring a click. The activity matters...
APT24 BadAudio multi-delivery espionage campaign
Campaign
First: 21.11.2025 00:12
Last: 21.11.2025 00:12
Sources 1
About this happening:
**APT24** is running a **three-year espionage campaign** with **BadAudio** that has expanded into multiple delivery methods, increasing the operation's reach and stealth. Since **...
APT24 BadAudio multi-delivery espionage campaign
CampaignAbout this happening: **APT24** is running a **three-year espionage campaign** with **BadAudio** that has expanded into multiple delivery methods, increasing the operation's reach and stealth. Since **...
Timeline
-
05.12.2025 11:15 2 articles · 5mo ago
Intellexa spyware consortium sustains operations under US sanctions
Initial Disclosure**Intellexa** is still functioning under **US sanctions**, and leaked-material investigations are exposing how its consortium structure and delivery methods continue to evolve. The new findings add evidence that the vendor ecosystem remains commercially active and technically adaptable.
Show sources
- Predator Spyware Maker Intellexa Evades Sanctions, New Victims Identified — www.infosecurity-magazine.com — 05.12.2025 11:15
- Predator Spyware Maker Intellexa Evades Sanctions, New Victims Identified — www.infosecurity-magazine.com — 05.12.2025 11:15