Smartphone and glasses on a desk representing journalist surveillance.
Cybersecurity

Predator Spyware: Angola Journalist Hacked [Amnesty Report]

4 min readby

It is a bitter irony that on May 3, 2024—a date celebrated globally as World Press Freedom Day—one of Angola’s most prominent journalists was being silently stripped of his privacy. According to new forensic findings from Amnesty International, that was the exact timeframe when the iPhone of Teixeira Cândido, the Secretary-General of the Union of Angolan Journalists, was compromised by Predator spyware.

This isn’t just another hacking story. It is the first publicly confirmed instance of this specific military-grade spyware being deployed against an individual in Angola. It serves as a stark reminder that despite international crackdowns and aggressive sanctions from the United States, the market for mercenary surveillance tools is alive, well, and dangerous.

How exactly does Predator take over a device?

You might be wondering how a piece of software can bypass the robust security of a modern iPhone. In Cândido’s case, the vector was deceptively simple: a malicious link sent via WhatsApp. Once clicked, the spyware—developed by the Intellexa alliance—effectively turned the device against its owner.

Predator operates much like the infamous Pegasus spyware from NSO Group. It doesn’t just steal files; it grants the attacker total remote control. We are talking about full access to the microphone, the camera, all messages, and the photo gallery. The phone becomes a listening device in the journalist’s pocket.

Illustration related to Predator Spyware: Angola Journalist Hacked [Amnesty Report]

The psychological toll of this kind of intrusion is devastating. Teixeira Cândido described the violation viscerally, stating, “I literally felt naked! It’s as if someone I don’t know had stripped me naked in public. It’s like taking a shower with people watching.” This isn’t just surveillance; it is an act of intimidation designed to chill investigative reporting.

Why haven’t sanctions stopped Intellexa?

This is the question frustrating privacy advocates and policymakers alike. The Intellexa alliance, a labyrinthine network of companies with roots in Europe and Israel, has been in the crosshairs of the U.S. government for some time. The U.S. Department of the Treasury has levied sanctions against the consortium in an attempt to curb the proliferation of commercial spyware.

However, the regulatory landscape is messy. In a controversial move in late December 2025, the U.S. Treasury actually lifted sanctions on three key executives linked to Intellexa—Merom Harpaz, Andrea Gambazzi, and Sara Hamou. These individuals successfully petitioned for removal by claiming they had separated from the consortium. While the entities themselves remain sanctioned, critics argue that delisting key players weakens the deterrent effect.

Furthermore, the “Intellexa Leaks” revealed in late 2025 painted a disturbing picture of the company’s internal operations. Contrary to the standard industry defense—that vendors only sell the tech and clients control the operations—leaked documents suggested Intellexa retained the ability to remotely access customer logs. This implies a level of involvement that contradicts the “hands-off” narrative often pushed by spyware vendors.

What is the political context in Angola?

The deployment of Predator in Angola doesn’t happen in a vacuum. The country is currently navigating a tense political climate as it approaches general elections in 2027. Infrastructure for the spyware had been detected in the region previously, but pinning it to a specific target changes the narrative significantly.

Diagram related to Predator Spyware: Angola Journalist Hacked [Amnesty Report]

Observers have noted tightening restrictions on press freedom in Angola, and targeting a figure as central as the Secretary-General of the Union of Angolan Journalists sends a clear message to the rest of the press corps. Donncha Ó Cearbhaill, the Head of Amnesty’s Security Lab, emphasized that this incident proves the software “continues to be used to target civil society and journalists,” regardless of the international outcry.

Why It Matters

The attack on Teixeira Cândido exposes the fundamental failure of the current “naming and shaming” approach to regulating the spyware industry. While Western governments issue sanctions and export controls, the recent delisting of Intellexa executives suggests a lack of regulatory resolve that vendors are quick to exploit. For journalists in the Global South, the implications are dire: the technology to silence them is readily available to any government willing to pay, and the international community’s ability to stop it is currently proving insufficient. This isn’t just a privacy issue; it is a structural threat to democratic accountability that is outpacing the laws designed to contain it.

Get our analysis in your inbox

No spam. Unsubscribe anytime.

Share this article

Related Articles

Glowing server racks in a dark data center with a disconnected fiber cable.
CybersecurityTelus Digital 1PB Data Breach: How It Happened [Analysis]
Sleek smartphone on a dark reflective surface representing mobile cybersecurity threats.
CybersecurityCoruna iOS Zero-Click Exploit: How It Leaked [Explained]
A concerned banking customer looking at a phone screen in a dark room.
CybersecurityEU Banks Face ‘Refund First’ Mandate for Phishing Victims Under New CJEU Opinion

Leave a Comment