Overview
- Leaked training footage analyzed by Amnesty indicates Intellexa personnel could remotely view customer dashboards and harvested victim data, with a session described as a live system rather than a demo.
- Investigators detailed a zero-click vector called Aladdin that uses commercial ad platforms and DSP targeting to silently redirect selected devices to exploit servers when a malicious ad is merely displayed.
- Google’s threat team counted roughly 15 unique mobile browser zero-day exploits tied to Intellexa since 2021, underscoring sustained procurement and development of high-end exploit chains.
- Follow-on actions included partners shutting down advertising accounts linked to the Aladdin infrastructure, while Recorded Future mapped additional company fronts and recent Predator activity, including infrastructure in Iraq.
- Amnesty reported a 2025 targeting attempt against a Pakistani human rights lawyer and new evidence of operations tied to clients in countries such as Egypt, Saudi Arabia and Kazakhstan, as Intellexa and Pakistani officials publicly rejected the findings.