December 9, 2025
The majority of these attacks – including airstrikes from warplanes, drone strikes, and artillery bombardments – took place in southern Syria.
According to ACLED, Israel attacked Quneitra at least 232 times, Deraa at least 167 times, and the Damascus area at least 77 times between 8 December 2024 and 28 November 2025. This averages to about two attacks per day.
In the first weeks after Assad departed from Syria, Israel’s attacks destroyed the capabilities of the former Syrian military.
The ACLED report comes as Syria enters its first year since the fall of former Syrian president Bashar al-Assad’s government.
The Israeli army occupied large swathes of southern Syria the moment the Assad government collapsed. It has since established permanent outposts and has seized control over vital water sources – practically encircling the Syrian capital.
The occupation continues to expand as Israeli forces carry out almost daily raids.
In just three weeks, the Israeli army carried out more than 60 raids and incursions in Syria’s south, the Syrian Observatory for Human Rights (SOHR) said last month.
Six Israeli soldiers were wounded in a rare resistance operation in southern Syria early on 28 November.
The attack took place during the early hours of Friday as Israeli troops were carrying out an arrest raid in the village of Beit Jinn in the Damascus countryside. The Israeli army had raided the area to detain what it said were two members of the Muslim Brotherhood-affiliated Islamic Group (Jamaa al-Islamiyya). It claimed they had been plotting attacks on Israel.
The Israeli forces came under fire as they were leaving Beit Jinn with both men in custody.
As the soldiers came under fire, Israeli warplanes, drones, and helicopters carried out strikes on the area, killing at least 13 people.
Tel Aviv and the new Syrian government have been engaged in direct talks to reach a security arrangement since the start of the year. The Syrian government has vowed that it has no interest in confronting Israel and has reportedly made commitments to coordinate with Tel Aviv against Iran, Hezbollah, and the Axis of Resistance.
Despite this, Israel has shown no willingness to pull out from Syria and has linked the withdrawal to a comprehensive peace agreement. As a result, Syrian–Israeli negotiations are now said to be stalled, despite reports of progress in recent months.
Since coming to power in December last year, Syria’s new government – led by former Al-Qaeda chief Ahmad al-Sharaa – has been cracking down on Palestinian resistance factions, which for decades were given a safe haven in the country. The crackdown, which included arrests and asset seizures, came at the request of Washington.
Israeli Prime Minister Benjamin Netanyahu said on 2 December that Tel Aviv is open to a deal with Damascus but will not compromise its terms, one day after US President Donald Trump issued a veiled warning urging Israel against actions that “interfere with Syria’s evolution.”
“What we expect Syria to do is, of course, to establish a demilitarized buffer zone from Damascus to the [Israeli-held] buffer zone, and of course the approaches to Mount Hermon and the Hermon summit,” the Israeli premier said.
“In a positive atmosphere and with understanding of these principles, it is also possible to reach an agreement with the Syrians – but we will stand by our principles in any case,” Netanyahu concluded.
New research published by Amnesty
International exposes key operations of Intellexa, an Israeli-linked spyware
consortium responsible for mass surveillance and human rights violations across
multiple continents. This includes ‘Predator,’ a highly invasive tool that
hijacks smartphones to exfiltrate everything from camera feeds to encrypted
chats, GPS locations, and emails. It is just the latest example of an
Israeli-linked spyware specialist acting with no consideration for the law.
However, Amnesty’s report did not focus on this dimension and limited itself to
the technical details, leaving the full extent of the legal violation largely
obscured. Intellexa is among the world’s most notorious “mercenary spyware”
purveyors. In 2023, the company was fined by Greece’s Data Protection Authority
for failing to comply with its investigations into the company.
An ongoing court case in Athens implicates Intellexa apparatchiks and local intelligence services in hacking the phones of government ministers, senior military officers, judges, and journalists. While Amnesty International exposes Intellexa’s spyware activities, it does not provide background on its founder, Tal Dilian, a senior former Israeli military intelligence operative, and is staffed by fellow Israeli spying veterans.
In March 2024, following years of damaging disclosures about Intellexa’s criminal activities, the US Treasury imposed sweeping sanctions on Dilian, his closest company confederates, and five separate commercial entities associated with Intellexa.
Predator: Watching, listening, extracting
Yet, these harsh measures were no deterrent to Intellexa’s operations. The company’s service offering has only evolved over time, becoming ever more difficult to detect and increasingly effective at infecting target devices. Typically, civil society, human rights activists, and journalists are in the firing line.
On 3 December, Google announced Intellexa’s targets numbered at least “several hundred,” with individuals based in Angola, Egypt, Kazakhstan, Pakistan, Saudi Arabia, Tajikistan, Uzbekistan, and elsewhere potentially affected.
As Intellexa's flagship tool, Predator infects target devices through “one-click” and “zero-click” methods, even embedding itself via online ads. Once installed, it silently plunders photos, passwords, messages, and chats on Signal, Telegram, and WhatsApp, in addition to microphone recordings.
This stolen data is then routed through a maze of anonymizing servers to its clients. These customers are overwhelmingly authoritarian governments, often targeting activists and journalists.
Predator also boasts a number of unique features designed to obscure its installation on a device from targets. For example, the spy tool assesses a device’s battery level and whether it is connected to the internet via SIM card data or WiFi. This allows for a bespoke extraction process, ensuring devices are not obviously drained of network or power, to avoid stoking user suspicion.
Aladdin’s Cave
If Predator senses it has been detected, the spyware will even “self-destruct” to leave no trace of its presence on an impacted device. The methods by which Intellexa installs its malign tech on target devices are just as ingenious and insidious.
On top of “one-click” attacks, Intellexa is a pioneer in the field of “zero-click” infiltration. Its resource ‘Aladdin’ exploits internet advertising ecosystems, so users need only view an ad – without interacting with it – for spyware to infect a device.
Such ads can appear on trusted websites or apps, resembling any other advert a user would normally see. This approach requires Intellexa to pin down a “unique identifier,” such as a user’s email address, geographical location, or IP address, to accurately serve them a malicious advert.
Intellexa’s government customers can often readily access this information, simplifying accurate targeting. Research published by Recorded Future, a US cybersecurity company, indicates Intellexa has covertly established dedicated mobile ad companies to create “bait advertisements,” including job listings, to lure in targets.
Aladdin has been under development since at least 2022 and has only grown more sophisticated over time. Troublingly, Intellexa is not the only firm active in this innovative spying field. Amnesty International suggests “advertisement-based infection methodologies are being actively developed and used by multiple mercenary spyware companies, and by specific governments who have built similar ADINT infection systems.”
That the digital advertising ecosystem has been subverted to hack the phones of unsuspecting citizens demands urgent industry action, which is as yet unforthcoming.
Just as disquietingly, a leaked Intellexa training video depicts how the spyware firm can “remotely access and monitor active customer Predator systems.” In effect, it is able to keep an eye on who its clients are spying on and the precise private data they are extracting – in real time.
Recorded in mid-2023, the video begins with an instructor connecting directly to a deployed Predator system via TeamViewer, a popular commercial remote access software. Its contents suggest Intellexa can view at least 10 different customer systems simultaneously.
This capability is amply highlighted in the leaked video, when a staff member asks their trainer if they are connecting to a testing environment. In response, they state a live “customer environment” is being accessed instead.
The instructor then initiates a remote connection, showing Intellexa staffers can access highly sensitive information collected by customers, including photos, messages, IP addresses, smartphone operating systems and software versions, and other surveillance data gathered from Predator victims.
The video also appears to show “live” Predator infection attempts against real-life targets of Intellexa’s clients. Detailed information is provided on at least one infection attempt targeting an individual based in Kazakhstan, including the malicious link they unwittingly clicked that enabled the infiltration of their device.
Elsewhere, domain names imitating legitimate Kazakhstani news websites, designed to trick users, are displayed. The Central Asian country, set to symbolically join the Abraham Accords, is a confirmed Intellexa client, and local youth activists have previously been targeted by the notorious, similarly Israeli-incubated Pegasus spyware.
Behind the screens: Legal murk and foreign access
The leaked video raises a number of grave concerns about Intellexa’s operations. For one, the shadowy, high-tech digital spying entity employed TeamViewer, about which major security concerns have long abounded, to access information on customer targets.
This raises obvious questions about who else might be able to pry on this trove, without the company’s knowledge. Moreover, there is no indication that Intellexa’s clients approved this access for the training process, or that the tutorial was conducted with even basic safeguards in place.
As such, the targets of Intellexa’s suite of spying resources not only face having their most sensitive secrets exposed to a hostile government without their knowledge or consent, but also to a foreign surveillance company in the process.
The extent to which Intellexa is cognisant of how its technology is used by its clients is a core point of contention in the ongoing Greek legal case. Historically, mercenary spyware companies have firmly insisted they are not privy to data nefariously seized by their customers. Amnesty International states:
The Israeli army occupied large
swathes of southern Syria after Assad’s government fell, and has refused to
withdraw despite Damascus vowing not to pose a threat to Tel Aviv
The Israeli military has carried
out over 600 attacks on Syria over the past year, according to a tally
conducted by Armed Conflict Location and Event Data (ACLED).
The majority of these attacks – including airstrikes from warplanes, drone strikes, and artillery bombardments – took place in southern Syria.
According to ACLED, Israel attacked Quneitra at least 232 times, Deraa at least 167 times, and the Damascus area at least 77 times between 8 December 2024 and 28 November 2025. This averages to about two attacks per day.
In the first weeks after Assad departed from Syria, Israel’s attacks destroyed the capabilities of the former Syrian military.
The ACLED report comes as Syria enters its first year since the fall of former Syrian president Bashar al-Assad’s government.
The Israeli army occupied large swathes of southern Syria the moment the Assad government collapsed. It has since established permanent outposts and has seized control over vital water sources – practically encircling the Syrian capital.
The occupation continues to expand as Israeli forces carry out almost daily raids.
In just three weeks, the Israeli army carried out more than 60 raids and incursions in Syria’s south, the Syrian Observatory for Human Rights (SOHR) said last month.
Six Israeli soldiers were wounded in a rare resistance operation in southern Syria early on 28 November.
The attack took place during the early hours of Friday as Israeli troops were carrying out an arrest raid in the village of Beit Jinn in the Damascus countryside. The Israeli army had raided the area to detain what it said were two members of the Muslim Brotherhood-affiliated Islamic Group (Jamaa al-Islamiyya). It claimed they had been plotting attacks on Israel.
The Israeli forces came under fire as they were leaving Beit Jinn with both men in custody.
As the soldiers came under fire, Israeli warplanes, drones, and helicopters carried out strikes on the area, killing at least 13 people.
Tel Aviv and the new Syrian government have been engaged in direct talks to reach a security arrangement since the start of the year. The Syrian government has vowed that it has no interest in confronting Israel and has reportedly made commitments to coordinate with Tel Aviv against Iran, Hezbollah, and the Axis of Resistance.
Despite this, Israel has shown no willingness to pull out from Syria and has linked the withdrawal to a comprehensive peace agreement. As a result, Syrian–Israeli negotiations are now said to be stalled, despite reports of progress in recent months.
Since coming to power in December last year, Syria’s new government – led by former Al-Qaeda chief Ahmad al-Sharaa – has been cracking down on Palestinian resistance factions, which for decades were given a safe haven in the country. The crackdown, which included arrests and asset seizures, came at the request of Washington.
Israeli Prime Minister Benjamin Netanyahu said on 2 December that Tel Aviv is open to a deal with Damascus but will not compromise its terms, one day after US President Donald Trump issued a veiled warning urging Israel against actions that “interfere with Syria’s evolution.”
“What we expect Syria to do is, of course, to establish a demilitarized buffer zone from Damascus to the [Israeli-held] buffer zone, and of course the approaches to Mount Hermon and the Hermon summit,” the Israeli premier said.
“In a positive atmosphere and with understanding of these principles, it is also possible to reach an agreement with the Syrians – but we will stand by our principles in any case,” Netanyahu concluded.
December 8, 2025
Kit KlarenbergLeaked training videos and new
evidence expose Intellexa as more than just a rogue surveillance company. The
Israeli firm stands as a pillar of Tel Aviv's global cyberwarfare
infrastructure, infiltrating phones worldwide through 'zero-click' methods, ad-based
infections, and covert partnerships with authoritarian governments.
An ongoing court case in Athens implicates Intellexa apparatchiks and local intelligence services in hacking the phones of government ministers, senior military officers, judges, and journalists. While Amnesty International exposes Intellexa’s spyware activities, it does not provide background on its founder, Tal Dilian, a senior former Israeli military intelligence operative, and is staffed by fellow Israeli spying veterans.
In March 2024, following years of damaging disclosures about Intellexa’s criminal activities, the US Treasury imposed sweeping sanctions on Dilian, his closest company confederates, and five separate commercial entities associated with Intellexa.
Predator: Watching, listening, extracting
Yet, these harsh measures were no deterrent to Intellexa’s operations. The company’s service offering has only evolved over time, becoming ever more difficult to detect and increasingly effective at infecting target devices. Typically, civil society, human rights activists, and journalists are in the firing line.
On 3 December, Google announced Intellexa’s targets numbered at least “several hundred,” with individuals based in Angola, Egypt, Kazakhstan, Pakistan, Saudi Arabia, Tajikistan, Uzbekistan, and elsewhere potentially affected.
As Intellexa's flagship tool, Predator infects target devices through “one-click” and “zero-click” methods, even embedding itself via online ads. Once installed, it silently plunders photos, passwords, messages, and chats on Signal, Telegram, and WhatsApp, in addition to microphone recordings.
This stolen data is then routed through a maze of anonymizing servers to its clients. These customers are overwhelmingly authoritarian governments, often targeting activists and journalists.
Predator also boasts a number of unique features designed to obscure its installation on a device from targets. For example, the spy tool assesses a device’s battery level and whether it is connected to the internet via SIM card data or WiFi. This allows for a bespoke extraction process, ensuring devices are not obviously drained of network or power, to avoid stoking user suspicion.
Aladdin’s Cave
If Predator senses it has been detected, the spyware will even “self-destruct” to leave no trace of its presence on an impacted device. The methods by which Intellexa installs its malign tech on target devices are just as ingenious and insidious.
On top of “one-click” attacks, Intellexa is a pioneer in the field of “zero-click” infiltration. Its resource ‘Aladdin’ exploits internet advertising ecosystems, so users need only view an ad – without interacting with it – for spyware to infect a device.
Such ads can appear on trusted websites or apps, resembling any other advert a user would normally see. This approach requires Intellexa to pin down a “unique identifier,” such as a user’s email address, geographical location, or IP address, to accurately serve them a malicious advert.
Intellexa’s government customers can often readily access this information, simplifying accurate targeting. Research published by Recorded Future, a US cybersecurity company, indicates Intellexa has covertly established dedicated mobile ad companies to create “bait advertisements,” including job listings, to lure in targets.
Aladdin has been under development since at least 2022 and has only grown more sophisticated over time. Troublingly, Intellexa is not the only firm active in this innovative spying field. Amnesty International suggests “advertisement-based infection methodologies are being actively developed and used by multiple mercenary spyware companies, and by specific governments who have built similar ADINT infection systems.”
That the digital advertising ecosystem has been subverted to hack the phones of unsuspecting citizens demands urgent industry action, which is as yet unforthcoming.
Just as disquietingly, a leaked Intellexa training video depicts how the spyware firm can “remotely access and monitor active customer Predator systems.” In effect, it is able to keep an eye on who its clients are spying on and the precise private data they are extracting – in real time.
Recorded in mid-2023, the video begins with an instructor connecting directly to a deployed Predator system via TeamViewer, a popular commercial remote access software. Its contents suggest Intellexa can view at least 10 different customer systems simultaneously.
This capability is amply highlighted in the leaked video, when a staff member asks their trainer if they are connecting to a testing environment. In response, they state a live “customer environment” is being accessed instead.
The instructor then initiates a remote connection, showing Intellexa staffers can access highly sensitive information collected by customers, including photos, messages, IP addresses, smartphone operating systems and software versions, and other surveillance data gathered from Predator victims.
The video also appears to show “live” Predator infection attempts against real-life targets of Intellexa’s clients. Detailed information is provided on at least one infection attempt targeting an individual based in Kazakhstan, including the malicious link they unwittingly clicked that enabled the infiltration of their device.
Elsewhere, domain names imitating legitimate Kazakhstani news websites, designed to trick users, are displayed. The Central Asian country, set to symbolically join the Abraham Accords, is a confirmed Intellexa client, and local youth activists have previously been targeted by the notorious, similarly Israeli-incubated Pegasus spyware.
Behind the screens: Legal murk and foreign access
The leaked video raises a number of grave concerns about Intellexa’s operations. For one, the shadowy, high-tech digital spying entity employed TeamViewer, about which major security concerns have long abounded, to access information on customer targets.
This raises obvious questions about who else might be able to pry on this trove, without the company’s knowledge. Moreover, there is no indication that Intellexa’s clients approved this access for the training process, or that the tutorial was conducted with even basic safeguards in place.
As such, the targets of Intellexa’s suite of spying resources not only face having their most sensitive secrets exposed to a hostile government without their knowledge or consent, but also to a foreign surveillance company in the process.
The extent to which Intellexa is cognisant of how its technology is used by its clients is a core point of contention in the ongoing Greek legal case. Historically, mercenary spyware companies have firmly insisted they are not privy to data nefariously seized by their customers. Amnesty International states:
“The finding that Intellexa had potential visibility into active surveillance operations of their customers, including seeing technical information about the targets, raises new legal questions about Intellexa’s role in relation to the spyware and the company’s potential legal or criminal responsibility for unlawful surveillance operations carried out using their products.”
The latest disclosures about
Intellexa have all the makings of a historic, international scandal, in the
precise manner that the use of Pegasus by state and corporate entities the
world over has elicited international outcry, criminal investigations, and
litigation lasting many years.
However, the proliferation of ominous private spying tools – and their industrial-scale abuse by paying customers – is no aberrant bug, but an intended upshot of Israel’s relentless crusade for cyberwarfare supremacy. In 2018, Israeli Prime Minister Benjamin Netanyahu boasted:
However, the proliferation of ominous private spying tools – and their industrial-scale abuse by paying customers – is no aberrant bug, but an intended upshot of Israel’s relentless crusade for cyberwarfare supremacy. In 2018, Israeli Prime Minister Benjamin Netanyahu boasted:
“Cybersecurity grows through cooperation, and cybersecurity as a business is tremendous ... We spent an enormous amount on our military intelligence and Mossad and Shin Bet. An enormous amount. An enormous part of that is being diverted to cybersecurity ... We think there is a tremendous business opportunity in the never-ending quest for security.”
This investment manifests in
almost every area of Israeli society. Numerous universities in Tel Aviv, with
state support, hone new technologies and train future generations of cyber
spies and digital warriors, who then join the ranks of the occupation's armed
forces.
Once their military service is complete, alumni frequently found companies at home and abroad offering the same monstrous services road-tested against Palestinians to private sector bodies and governments, without any oversight or guarantee that these resources will not be used for malevolent purposes.
The intelligence failures that enabled the success of Operation Al-Aqsa Flood on 7 October 2023 dealt a severe blow to Israel’s credibility as a cybersecurity leader while devastating its “Startup Nation” brand, with foreign investment in the entity’s tech industry collapsing precipitously.
The real scandal is not just the existence of companies like Intellexa. It is the international impunity they enjoy, the western partnerships they maintain, and the complicity of governments that turn a blind eye to Israeli cyberwarfare exported worldwide.
Once their military service is complete, alumni frequently found companies at home and abroad offering the same monstrous services road-tested against Palestinians to private sector bodies and governments, without any oversight or guarantee that these resources will not be used for malevolent purposes.
The intelligence failures that enabled the success of Operation Al-Aqsa Flood on 7 October 2023 dealt a severe blow to Israel’s credibility as a cybersecurity leader while devastating its “Startup Nation” brand, with foreign investment in the entity’s tech industry collapsing precipitously.
The real scandal is not just the existence of companies like Intellexa. It is the international impunity they enjoy, the western partnerships they maintain, and the complicity of governments that turn a blind eye to Israeli cyberwarfare exported worldwide.
No comments:
Post a Comment