Pakistan Buys Israeli Spyware. Again.

Pakistan can’t seem to get enough when it comes to spyware - once they start, they can’t stop.

(Cue the Pringles jingle)

Over the summer of 2025, A human rights lawyer situated in Pakistan’s Balochistan province – which has been subject to numerous internet shutdowns, and crackdowns on peaceful protests (ostensibly for reasons of “national security”) – had received a WhatsApp message from an unknown number, purported to be from a journalist, with a link attached to it. Suspicious of the message, the human rights lawyer forwarded it to Amnesty International, whose Security Lab determined not only that the message had been infected by Predator, software developed by the Israeli Intellexa spyware company, but that the human rights lawyer was not the only Pakistan-based target of Predator. According to Amnesty International, “This is the first reported evidence of Predator spyware being used in the country.”

In early December 2025, a joint investigation by Switzerland’s WAV Research Collective, Greece’s Inside Story, and Israel’s Haaretz revealed the inner workings of Intellexa, an Israeli spyware company known especially for its notorious flagship “Predator” tool. As Haaretz reported in December 2025:

“Predator is one of the most invasive spywares on the market. If successfully deployed and installed on a smartphone, it can hack the most up-to-date versions of Apple and Google's mobile operating systems, according to leaked materials. It extracts all the contents from hacked devices, including messages from encrypted messaging applications, listens to calls, and remotely activates the microphone and camera, as well as gaining access to additional services used by the target from their phone.”

Predator is able to carry out the above by carrying out a “1-click” attack – simply put, if a targeted user clicks on a malicious link, “The malicious link then loads a browser exploit for Chrome (on Android) or Safari (on iOS) to gain initial access to the device and download the full spyware payload.” Following this, any extracted information is sent to a Predator server that is “physically located in the customer country.”

The report by Amnesty International’s Security Lab,“To Catch a Predator: Leak exposes the internal operations of Intellexa’s mercenary spyware”, is strongly recommended, for providing an extensive breakdown of Predator and other Intellexa spyware and their modus operandi.

Sanctioned in March of 2024 by the Treasury Department of the United States government, only to to have said sanctions removed at the end of December 2025 by US President Donald Trump, Intellexa is considered to be what one of what Amnesty International refers to as a “mercenary spyware company” ie any “private entities that develop spyware and sell it for use by governments.” Governments such as the Islamic Republic of Pakistan.

According to Haaretz:

"Amnesty did not determine who is behind the hacking attempts in Pakistan but noted that the findings "strongly indicate a government client." Sources from the mobile cybersecurity world in Israel and abroad say the client is Pakistan itself."

This is not the first time that Pakistan has purchased or sought to purchase spyware from overseas. In 2014 it was discovered that two FinFisher “Command and Control” servers were operational in Pakistan. The following year, the Italian spyware company Hacking Team was itself hacked, revealing that Pakistan, what Hacking Team called an “exceptional customer”, was interesting in buying its Remote Control Software (RCS) suite – only for the company to give up on the proposed sale, with one of its founders calling it “una perdita di tempo” –a waste of time.

When the Pakistani state wants to buy shiny spy toys, it usually goes with vendors from countries that it has diplomatic relationships with – the US, Canada, France, China, the UK, Germany, Italy and so on.

In the case of Intellexa and Predator, however, what we find is that Pakistan has purchased and utilised spyware from Israel, a country that it does not have diplomatic relations with (though not for want of trying). In 2023, five Pakistanis were imprisoned for visiting Israel, and in 2022 a Pakistani journalist was fired by Pakistan’s state broadcaster, PTV, for visiting Israel. People from Pakistan can’t go to Israel – which, given its ongoing genocide of Palestinians, wouldn’t be on my bucket list either – but Pakistan can buy software and hardware to spy on its own citizens.

This is also not the first time that Pakistan has purchased spyware (software and hardware) from Israel, by the by. A 2023 report by Haaretz has shown that since at least 2012, Pakistan’s Federal Investigation Agency (FIA) and other Pakistani law enforcement agencies has purchased and continued to purchase, until fairly recently, tools produced by Cellebrite, another controversial Israeli firm accused of selling to authoritative governments. The 2023 Haaretz report does not just provide photos of Cellebrite hardware being displayed, by Pakistani police, but also images of “FIA invitation for bids from 2021 for Cellebrite's UFED system”. UFED, according to Haaretz:

"enables law enforcement agencies to engage in digital forensic work by hacking into password-protected cellphones and copying all the information stored on them – including pictures, documents, text messages, calling histories and contacts."

Amusingly, though until 2019 Cellebrite sold its products directly to Pakistan via a Singaporean subsidiary, the company’s current terms and conditions or End User License Agreement forbids sales to Pakistan, as one of a collection of “Restricted Territories”:

"“Restricted Territories” shall mean any of those jurisdictions or territories that are (i) subject or target of sanctions or terrorist-supporting territories, including, without limitation, Iran, Iraq, Somalia, Syria, Libya, Lebanon, Palestinian territories, North Korea, Sudan, Yemen, Cuba, Venezuela, Pakistan and the Crimea region, or (ii) regulated territories in which Licensee does not have the licences, permits, authorizations and approvals that are required by all applicable laws issued by the relevant regulatory authority to carry out Licensee’s business activity using the Product and/or the Software."

Isn't it a wonderful thing when shared values can transcend diplomatic niceties and restrictions? Trade, economic growth, the desire to spy on one’s own citizens...so remember don't click on that random WhatsApp message!

Sources:

To catch a predator: Leak exposes the internal operations of Intellexa’s mercenary spyware. Amnesty International Security Lab. (2025, December 9). https://securitylab.amnesty.org/latest/2025/12/intellexa-leaks-predator-spyware-operations-exposed/

Benjakob, O., Triantafillou, E., & Naegeli, L. (2025, December 4). Israeli spyware firm owned by ex-intel officer still active despite U.S. sanctions. Haaretz.https://www.haaretz.com/israel-news/security-aviation/2025-12-03/ty-article-magazine/.premium/israeli-spyware-firm-intellexa-owned-by-ex-intel-officer-still-active-amid-us-sanctions/0000019a-e3e8-db35-afbf-ebfcb8bb0000Archived URL:https://archive.is/RiSTJ

Saeed, R., & Armaan, N. (2025, August 18). The politics and people behind Balochistan, Pakistan’s internet shutdowns. Global Voices.https://globalvoices.org/2025/08/18/the-politics-and-people-behind-balochistan-pakistans-internet-shutdowns/

Yaron, O. (2023, August 3). Pakistan’s spy agency buys Israeli Cellphone Hacking Tech. Haaretz.https://www.haaretz.com/israel-news/security-aviation/2023-08-03/ty-article/.premium/pakistans-spy-agency-buys-israeli-cellphone-hacking-tech/00000189-b608-db5d-a5fd-b62979680000Archived URL:https://archive.is/Wyj5H

Estrin, D., & Hadid, D. (2022, June 2). A rare visit by Pakistanis to Israel has caused furor in Islamabad. NPR.https://www.npr.org/2022/06/01/1101735669/a-rare-visit-by-pakistanis-to-israel-has-caused-furor-in-islamabad

Cheema, U. (2023, July 7). Pakistanis arrested for travelling to Israel have relatives there. Geo News.https://www.geo.tv/latest/497649-pakistanis-arrested-for-travelling-to-israel-have-relatives-there

Haque, J., & Rehman, A. (2015, July 28).Hacking Team hacked: The Pakistan connection, and India’s expansion plan. DAWN News.https://www.dawn.com/news/1196767

Jahanzaib Haque, J. (2104, August 24). Customer 32 — who used FinFisher to spy in Pakistan?. DAWN News.https://www.dawn.com/news/1127405

Pakistan: UN experts demand release of Baloch Human Rights Defenders, and an end to crackdown on peaceful protest | ohchr. (2025, March 26).https://www.ohchr.org/en/press-releases/2025/03/pakistan-un-experts-demand-release-baloch-human-rights-defenders-and-end