• Sanctioned but Still Spying: Intellexa’s Prolific Zero-Day Exploits Continue Google Threat Intelligence Group Google Threat Intelligence Visibility and context on the threats that matter most. • Contact Us & Get a DemoIntroduction Despite extensive scrutiny and public reporting, commercial surveillance vendors continue to operate unimpeded. • A prominent name continues to surface in the world of mercenary spyware, Intellexa. • Known for its “Predator” spyware, the company was sanctioned by the US Government. • New Google Threat Intelligence Group (GTIG) analysis shows that Intellexa is evading restrictions and thriving. • Intellexa has adapted, evaded restrictions, and continues selling digital weapons to the highest bidders.
Article Summaries:
- Google’s Threat Intelligence Group reports that Intellexa, a U.S.-sanctioned spyware vendor, continues to thrive by exploiting zero‑day vulnerabilities and evading restrictions. Since 2021, Intellexa has accounted for 15 of the 70 zero‑days identified by Google’s Threat Analysis Group, including remote code execution, sandbox escape, and privilege escalation flaws that have since been patched. The company also sells parts of exploit chains, such as an iOS RCE chain used in a campaign against Egyptian targets. Despite sanctions, Intellexa remains a major supplier of digital weapons to high‑paying clients, prompting ongoing monitoring and counter‑measures by Google and partner researchers.
Sources: