Intellexa Group's Predator spyware has experienced a resurgence in activity following a decline spurred by sanctions imposed by the Biden administration, reports The Record, a news site by cybersecurity firm Recorded Future.
Angola and the Democratic Republic of Congo, which is a new Intellexa client, may have leveraged new Predator infrastructure to enable spyware staging and exploitation, according to an analysis from Recorded Future's Insikt Group, which also observed usage of the surveillance tool in Madagascar and the United Arab Emirates. Operators of the Predator spyware have also adopted "multi-tiered delivery system" and enhanced operational security, as well as more substantial infrastructure setup modifications aimed at increasing customer anonymity, said researchers. Such effective concealment of operations have ensured the persistence of the surveillance tool amid crackdowns, noted Recorded Future researcher Julian-Ferdinand Vogele. "While public reporting and sanctions have likely made it more challenging for Predator operators, the threat has proven to be persistent. As seen in this latest iteration, we expect them to gradually adapt and modify their operational tactics," said Vogele.
