@IntCyberDigest: ‼️🇮🇱 Smartphones worldwide wer...
@IntCyberDigest
9 views
Dec 05, 2025
2
Internal leaked company documents, sales and marketing materials, as well as training videos from the “Intellexa Leaks” investigation provide a never-before-seen glimpse into the internal operations of a mercenary spyware company focused on exploiting vulnerabilities in mobile devices to enable targeted surveillance attacks on human rights defenders, journalists, and members of civil society.
3
In an attempt to hide the spyware operator's identity, all data is relayed through a chain of anonymization servers called the “CNC Anonymization Network.”
Since the spyware relies on browser exploits, the operator must trick the victim into opening the malicious link; if the link is not opened, infection fails.
Each time a one-click attack link is sent, it risks exposing the operator, as a suspicious target may share it with forensic experts, revealing the attack and potentially the operator.
Since the spyware relies on browser exploits, the operator must trick the victim into opening the malicious link; if the link is not opened, infection fails.
Each time a one-click attack link is sent, it risks exposing the operator, as a suspicious target may share it with forensic experts, revealing the attack and potentially the operator.
4
To avoid detection, Intellexa has designed several “delivery vectors”—different approaches to triggering the opening of an infection link on the target’s phone without requiring the target to manually click it. This enables Intellexa to offer zero-click-like functionality without needing additional zero-click exploits.
6
Ongoing research and technical investigations by Amnesty International indicate that advertisement-based infection methods are being actively developed and used by multiple mercenary spyware companies and by certain governments that have built similar ADINT infection systems.
Amnesty International believes that the use of such “silent” vectors to deliver browser exploits will continue to grow as targets become increasingly suspicious of unknown links and as true zero-click attacks become more expensive and technically difficult to achieve. These findings should redouble efforts by technology vendors and companies in the digital advertising ecosystem to investigate and disrupt such attacks.
Amnesty International believes that the use of such “silent” vectors to deliver browser exploits will continue to grow as targets become increasingly suspicious of unknown links and as true zero-click attacks become more expensive and technically difficult to achieve. These findings should redouble efforts by technology vendors and companies in the digital advertising ecosystem to investigate and disrupt such attacks.
8
Read the full Amnesty report: securitylab.amnesty.org/latest/2025/12…






