A Singaporean academic was targeted in a spyware campaign that ran between February and June 2023, according to a report by Amnesty International on Oct. 9, called "The Predator Files".

The X (formerly Twitter) account of a Senior Fellow at the S. Rajaratnam School of International Studies' (RSIS) Institute of Defence and Strategic Studies, Collin Koh Swee Lean, was one of at least fifty social media accounts targeted by another X account called @Joseph_Gordon16.

Other targets included the President of Taiwan, Tsai Ing-Wen, United Nations officials, U.S. senators and representatives, academic researchers working on security issues in the South China Sea and Vietnam, as well as political figures in the European Parliament.

The report stated that @Joseph-Gordon16 would send the targeted accounts links that appeared as South China Morning Post (SCMP) articles.

This included links with a URL such as "southchinapost.net".

The URL of the SCMP actual website is scmp.com.

Fake URLs would redirect the user to malicious websites that install the Predator spyware

Amnesty International added that clicking on the fake SCMP URLs would redirect users to a server that installed the Predator spyware on their devices.

The Predator spyware was developed by the Intellexa group, founded in 2018 by a former Israeli army officer, Tal Dilian and several of his associates.

The program can gain complete access to all data stored or transmitted from a target’s device.

It is also designed to leave no traces on the target device, rendering any independent audit of potential abuses impossible.

Koh: Did not know I was being spied upon until the report came out

Koh told The Straits Times that he did not know he was being spied upon until he saw Amnesty International's report.

He also did not recall clicking on any of the three links sent to him by @Joseph-Gordon16.

Koh, who is also a maritime security expert, added that he only clicks on links shared by people he knows and not those shared by unknown accounts as a matter of habit and principle.

In response to The Straits Times' queries, RSIS said it did not know of the spying attempts on Koh.

However, the institution pointed out that it has guidelines for social media usage and periodically reminds staff to be careful when dealing with suspicious links, especially if unknown sources share them.

Who is behind @Joseph-Gordon16?

Amnesty International further reported that the account appeared to be linked to an entity in Vietnam, despite the account giving its location as Singapore.

The report added that it had found evidence of sales of Intellexa's intelligence products to the Vietnamese Ministry of Public Security.

This suggests that agents or people acting on behalf of the Vietnamese authorities might be behind the campaign, the report speculated.

Singapore named as one of the countries which purchased the spyware

The report by Amnesty International followed an investigation by French investigative outlet Mediapart and German media Der Spiegel.

According to The Washington Post, the investigation found that 25 countries, including Singapore, had purchased the Predator spyware.

However, the report did not specify if the buyers were individuals, organisations or governments.

Other countries that were named included Qatar, the United Arab Emirates, Jordan, Pakistan and Vietnam.

Top screenshots via Amnesty International