Pakistan, PUREWILAYAH.COM - A sweeping international investigation has uncovered that authorities in Pakistan deployed an Israeli-developed spyware system—despite the absence of diplomatic ties—to target opposition figures, activists, and human rights lawyers.

The findings expose once again the global spread of Israel’s offensive cyber industry, which continues to operate beyond legal oversight, sanctions, and accountability.

Israeli Spyware Sold Despite U.S. Sanctions

The investigation reveals that Pakistan used Predator, a highly invasive spyware tool developed by Intellexa, an Israeli offensive cyber consortium founded by former Israeli Military Intelligence officer Tal Dilian.

Despite U.S. sanctions imposed two years ago, the company continued supplying spyware to governments around the world.

Intellexa operates outside Israel’s Defense Ministry supervision, allowing it to export cyber weapons without transparency. Dilian himself remains under direct U.S. sanctions.

The findings were published as part of the “Intellexa Files” project, coordinated by Amnesty International with contributions from Haaretz, Greece’s Inside Story, and Switzerland’s WAV Research Collective.

Leaked Files from 2018–2025 Expose Global Client Network

Leaked internal Intellexa documents—spanning 2018 to 2025—show, for the first time, that Pakistan was among Predator’s users, alongside clients including Kazakhstan, Egypt, and Saudi Arabia.

Intellexa is described as the largest offensive cyber network operating outside Israel, with Predator enabling:

• full penetration of smartphones
• extraction of all data, including encrypted messaging apps
• remote activation of microphones and cameras
• real-time monitoring and surveillance

These capabilities position Predator among the world’s most intrusive digital espionage systems.

Targeting Lawyers, Politicians, and Activists

The investigation began after a Pakistani human rights lawyer received a WhatsApp message from an unknown number impersonating a journalist. The link sent to him mimicked a legitimate European news site using his name—but forensic analysis by Amnesty confirmed it contained Predator’s digital fingerprints.

The same malicious link was later found to have been sent to other political figures in Pakistan.

Leaked company training videos from mid-2023 list Intellexa’s active clients under code names: Dragon, Eagle, Fox, Lion, Phoenix, Rhino, and Tiger.
The investigation identifies “Eagle” as Pakistan and “Phoenix” as Libya, with additional suspected users including Egypt, Uzbekistan, Tajikistan, and Saudi Arabia.

Expanding Footprint Across the Middle East

A report by Recorded Future, a cybersecurity intelligence firm owned by Mastercard, found previously unknown Predator-linked digital infrastructure in Iraq, confirming the spyware was used in the Kurdistan Region over the past two years.

Google’s Threat Analysis Group also released a new report supporting Amnesty’s findings, noting the rapid expansion of Intellexa’s operations.

According to Google, hundreds of users worldwide received notifications that their devices had been compromised—or targeted—by advanced espionage linked to Intellexa’s customers.

A Global Cyberweapon Enabled by Israel’s Security Industry

The Intellexa leaks highlight how Israel’s cyber-arms ecosystem—often operating outside any regulatory oversight—continues to furnish governments with tools designed for political repression, surveillance, and control.

The investigation underscores the danger of a privatized Israeli cyber industry whose weapons penetrate borders, diminish civil liberties, and expand the reach of authoritarian surveillance across the world, with little regard for international law or basic human rights. (PW)