New Delhi: A US-sanctioned Israeli spyware was allegedly deployed against citizens in Pakistan, including a human rights lawyer, according to an investigation released Wednesday that exposed how the surveillance tool operated from the UAE to evade further penalties.
Amnesty International began investigating the matter last year, and the findings—called ‘The Intellexa Leaks’—mark the first documented use of Predator spyware in Pakistan. The report was jointly conducted by Inside Story, Haaretz and WAV research collective, with technical analysis by Amnesty International.
Predator, sold by Israeli firm Intellexa, is considered one of the most invasive spyware tools available. According to leaked materials, once installed on a smartphone, it can compromise even the latest versions of Apple and Google’s operating systems, extract the full contents of a device, including encrypted messages, monitor calls and remotely activate the phone’s microphone, camera and other services.
The investigation, based on materials leaked from the firm’s records from 2018 to 2025, found both new clients and old clients that are still active, including Kazakhstan, Egypt and Saudi Arabia. Amnesty International described Intellexa as “notorious for selling highly invasive spyware Predator linked to human rights abuses in multiple countries”.
Also Read: Asim Munir & Pakistan’s Failed Marshal Doctrine
Government client suspected
Although Pakistan does not have diplomatic relations with Israel, the report says, findings “strongly indicate a government client” in Pakistan. Sources in the Israeli cybersecurity world told Haaretz that the client is Pakistan itself.
Pakistani military expert and activist Ayesha Siddiqa said the security establishment would not hesitate to deploy spyware “to target, specifically target human rights organisations”, as well as ethnic groups, political leaders and other critics.
“There is no doubt about it,” she told ThePrint, pointing to recent events including the case of human rights lawyer Imaan Mazari and her husband, who were earlier this year sentenced to seven years in prison.
Tools like advanced spyware, she warned, would be used “to cow down civil society”, suppress protests and silence political dissent—behaviour she described as characteristic of authoritarian regimes.
According to Amnesty International, “another target of a different Intellexa client was also identified in another developing country”, though it was not named.
Pakistan denies allegations
Pakistan on Friday rejected the Amnesty International report, dismissing the findings as unfounded and misleading.
Foreign Office spokesperson Tahir Andrabi firmly denied that Pakistan had ever deployed the technology or engaged in any form of cooperation with Israel.
“These are all media speculations. These are all rumour-mongering and disinformation. There is absolutely no cooperation between Pakistan and Israel on anything, let alone spyware or these kinds of tools. So, I would reject it quite emphatically,” he said at a weekly press briefing.
Operating beyond oversight
Intellexa is widely regarded as one of the most notorious “mercenary spyware companies”, a term used by civil society groups and security researchers to describe private firms that develop surveillance tools and market them to governments.
The firm is believed to be the largest Israeli offensive cyber firm operating outside Israel and the primary marketer of the Predator spyware suite. It was founded by Tal Dilian, a former senior officer in Israeli Military Intelligence.
Dilian and his company have long operated beyond the purview of Israel’s Defence Ministry, according to Haaretz, even as many of Intellexa’s senior staff and owners are Israeli nationals working abroad.
One of the striking revelations of the Amnesty report was training videos, which were part of the leaked material. The videos purportedly show that at the time of training, the firm appeared to retain the ability to remotely access Predator systems operated by its government clients, even when those systems were housed within secure state facilities. Such access would give the company visibility into who was being targeted and what data was being extracted.
Sanctions and continued operations
In 2024, the US imposed sanctions on Dilian and other executives, according to Haaretz, less than a year after adding the Israeli firm to a federal blacklist reserved for entities deemed hostile to American interests.
A parallel report by Recorded Future, the cyber-intelligence firm owned by Mastercard, identified previously unknown Predator-linked infrastructure operating in Iraq. Researchers found evidence that the spyware has been deployed in northern Iraq and the Kurdish region over the past two years—despite Israel’s prohibition on exporting surveillance technology to Iraq or Pakistan.
Google’s Threat Intelligence Group, in a report also published Wednesday, corroborated these findings and noted that Intellexa was “thriving”. Google said it has issued alerts to “hundreds” of targeted accounts associated with Intellexa’s government clients since 2023.
Spyware makers such as NSO Group and Paragon have long insisted that they bear no responsibility for how customers use their tools, claiming they sell only to vetted governments fighting serious crime and terrorism and that they cannot see whom those governments target.
(Edited by Prerna Madan)
Also Read: How Pakistan thinks: Army for hire, ideology of convenience