Numerous delivery servers leveraged by Predator spyware have been taken down by the spyware's operators following separate reports from Recorded Future's Insikt Group and Sekoia exposing its infrastructure, according to CyberScoop.
Such a development comes months after the spyware's infrastructure had been initially dismantled by operators after a report from Amnesty International's Security Lab and various news outlets provided insights on its utilization against journalists, politicians, and civil society. Despite the takedown, Predator has emerged months later using largely similar infrastructure, noted Insikt Group report lead author Julian-Ferdinand Vogele, who added that the spyware could still resurface amid pressure from its clients. However, Vogele said that operators of Predator could work more on differentiating the next reincarnation of its infrastructure. "The second in-depth public reporting on their infrastructure might now compel them to rebuild in a more substantial and distinct manner this time," said Vogele.
