According to Amnesty International, the Vietnamese government is believed to be responsible for a series of attempted Predator spyware infections. The targets included members of the U.S. Congress, European officials, and other high-profile individuals. This information was revealed in a report published by Amnesty International on Monday.

The campaign involved the use of a social media account on X (formerly Twitter). The account, now deleted, operated under the handle @Joseph_Gordon16 and attempted to entice targets into clicking on malicious links that would install the Predator malware. Predator is one of many commercial spyware apps that can transform smartphones into surveillance devices, enabling activities such as eavesdropping, password theft, and message interception.

In response to these developments, the Biden administration blacklisted two spyware vendors, Intellexa and Cytrox, associated with Predator. In addition, the report from Amnesty International outlined a network of vendors and resellers, led by Intellexa, that sells commercial spyware and hacking techniques to deliver malware. Through business records obtained by the European Investigative Collaborations, it was discovered that Vietnam’s Ministry of Public Security signed a multi-million euro deal with the makers of Predator spyware.

It is important to note that Amnesty International and security researchers from the University of Toronto’s Citizen Lab were not able to confirm any actual infections resulting from links disseminated by the @Joseph_Gordon16 account. Nonetheless, the researchers found evidence of a Vietnamese connection in the malicious links shared by the account.

This campaign targeted at least 50 social media accounts belonging to various individuals and institutions, including U.S. Representative Michael McCaul and U.S. Senator John Hoeven. Interestingly, President Joe Biden recently visited Hanoi as part of an effort to strengthen diplomatic relations between the United States and Vietnam.

Amnesty International also reported that the use of Predator spyware has been linked to a threat actor operating out of Vietnam, as identified by social media giant Meta. Amnesty’s separate report highlighted Intellexa’s web-based system called the “Cyber Operation Platform” and its associated products, which have been used in at least 25 countries across Europe, Asia, the Middle East, and Africa.

Amnesty International called attention to the concerning issue of highly invasive surveillance products being traded without oversight or accountability, emphasizing the need for stronger regulation and control over the export of such technologies.


Full Stack Developer

About the Author

I’m passionate about web development and design in all its forms, helping small businesses build and improve their online presence. I spend a lot of time learning new techniques and actively helping other people learn web development through a variety of help groups and writing tutorials for my blog about advancements in web design and development.

View Articles