New Predator spyware infrastructure revealed activity in Mozambique for the first time


Recorded Future’s Insikt Group reported on June 12, 2025 that Predator—the commercial “zero‑click” spyware from the Intellexa Consortium—has resurfaced with refreshed infrastructure in Mozambique. This marks the first publicly confirmed instance of Predator activity in Africa. Insikt discovered a new multi-tiered server architecture, including victim-facing “Tier 1” nodes and higher-level anonymization servers, aimed at obscuring operator identity and evading detection. Technical linkage has also been made between this infrastructure and a Czech entity (FoxITech s.r.o.) tied to Intellexa. The Mozambican operation emerged in early‑to‑mid‑2024 and remains ongoing. This development underscores Predator’s resilience and adaptability—even after U.S. sanctions and public scrutiny—and highlights the spyware’s expanding reach into Africa, targeting high-value individuals through sophisticated, stealthy techniques

Read More


thumb-image

Solutions