
Commercial spyware as an intelligence channel
Criminal operators deploying Predator, a spyware suite sold by the sanctioned Intellexa consortium, have been documented across more than a dozen countries. US sanctions haven’t slowed them down an iota. Their targets are not random: journalists, activists, politicians, human‑rights defenders, government employees and contractors, and other high‑value individuals. Why? These targets have access to information of value that extends well beyond the device. I’ve long posited that criminal entities operate with two goals in mind: enhance capability or monetize information.
The maturation of tradecraft we are seeing today follows the logical arc of the past decade. That tradecraft includes one‑click links, zero‑click exploit chains, network injection in some cases, and persistent device access. Predator is not a commodity tool. Predator is one of several device‑level compromises that become enterprise‑level exposures. It is a commercial espionage platform sold to governments or their proxies, and once deployed, it creates upstream surveillance capabilities that intersect directly with enterprise data flows, authentication systems, and service‑provider networks.
This is why it matters. These tools don’t just compromise individuals. They compromise the systems those individuals authenticate into, the networks they traverse, and the service providers that carry their traffic. They operate in the same shared dependencies enterprises rely on. The enterprise becomes part of the collection surface whether it wants to or not.
