The infamous Predator mobile spyware operation publicly exposed in an amazing account last year Amnesty International revamped its malware distribution network and expanded its reach into Botswana and the Philippines.
Researchers from Recorded Future’s Insikt Group, who spotted Predator’s updated architecture, said the mercenary mobile spyware enterprise now operates in at least 11 countries with the addition of Botswana and the Philippines.
The updated, tiered malware network infrastructure includes distribution servers, upstream servers, and static IP addresses in 11 nations suspected to be Predator customers: Angola, Armenia, Botswana, Egypt, Indonesia, Kazakhstan, Mongolia, Oman, Philippines , Saudi Arabia, and Trinidad and Tobago.
“Although Predator stands out as a leading vendor of mercenary spyware, along with NSO Group’s Pegasus, the tactics, techniques and procedures [TTPs] that it uses during the delivery process have remained consistent over time, likely indicating their continued success,” the Insikt team he wrote in his findings.