Israeli Telecom Infrastructure Used Spyware to Track Phones in Thailand, South Africa, Norway, Bangladesh, Malaysia

Israeli telecom infrastructure was used to track citizens in more than ten countries over the past three years, according to a report published by the digital research group Citizen Lab and reviewed in recent weeks by Haaretz.

The investigation, as described by Daily Sabah and Yeni Safak English, says the infrastructure ranged from “1970s-era networks” to “the most modern 5G systems” and was transformed into “tracking devices” using “sophisticated spyware programs.”

CyberScoop

Daily Sabah reports that “Since November 2022, more than 15,700 attempts have been made to determine the location of phones” in countries including Thailand, South Africa, Norway, Bangladesh, and Malaysia.

Yeni Safak English repeats that “More than 15,700 location attempts were made across countries including Thailand, South Africa, Norway, Bangladesh, and Malaysia,” describing the same shift from legacy networks to modern systems.

Haaretz adds that the findings expose how “efforts to upgrade phone network infrastructures built in the 1970s for the smartphone era still leave even the most advanced devices exposed to surveillance.”

In the account reviewed by Haaretz, Citizen Lab describes “two separate tracking operations,” each “likely run by a commercial firm selling surveillance technologies to governments around the world.”

Haaretz further says one operation exploited Israeli geolocation technology using networks belonging to 019Mobile and Partner Communications, while a second operation is linked to a Swiss firm connected to a 2023 Haaretz investigation.

The Citizen Lab investigation described by Haaretz, Daily Sabah, and Yeni Safak English centers on how surveillance firms exploited telecom signaling systems to locate phones.

Haaretz says the Swiss firm at the center of a 2023 investigation enabled companies like Rayzone to impersonate cellular carriers and connect to legacy mobile networks, exploiting “an older telecom signaling protocol called SS7 for surveillance purposes.”

CyberSecurityNews

Daily Sabah similarly reports that Internal documents seen by Haaretz revealed that Verint, the parent company of Cognyte, sold an SS7-based tracking system called SkyLock to a government client in the Democratic Republic of Congo.

Both Daily Sabah and Yeni Safak English describe SS7’s original purpose, with Yeni Safak English stating it was “originally designed to route calls and texts, support roaming, and enable interoperability.”

Haaretz adds that British regulators banned the practice “last week” to crack down on tracking spyware, calling it “the largest source of malicious traffic to mobile networks.”

The investigation also points to newer systems being exploited: Daily Sabah says “Next-generation Diameter systems that manage 4G/5G networks were also exploited,” while Haaretz describes Diameter as “a mobile network system that handles 4G international roaming and most 5G networks.”

Another technique highlighted across the accounts is SIMjacking, described by Daily Sabah as “One of the most notable cyberattack techniques used” where “a hidden SMS message, invisible to the user, is sent to the target phone.”

Yeni Safak English defines SIMjacking as “sending a hidden SMS that forces the SIM card to share the device’s location,” tying the method to the same tracking campaigns.

The reporting names specific telecom and surveillance-linked entities as part of the tracking operations, while also recording denials and non-responses.

“Israeli telecom infrastructure was used to track citizens in more than 10 countries over the past three years, according to a report published recently by the digital research group Citizen Lab”

Daily Sabah

Haaretz says that in the first operation uncovered by Citizen Lab, researchers “logged more than 500 location-tracking attempts between November 2022 and 2025 across Thailand, South Africa, Norway, Bangladesh, Malaysia and several other African countries,” and that “An Israeli carrier, 019Mobile, was used in the operation.”

Haaretz adds that “dozens of separate tracking attempts appear to have passed through 019's servers,” and that Citizen Lab found “addresses registered to 019 were used to send location-tracking requests through Partner Communications.”

Haaretz also says “Another route passed through Exelera Telecom,” describing it as “an Israeli company that provides cloud and communications services, including an international undersea fiber-optic cable,” and notes that “Exelera did not respond to Haaretz's request for comment.”

Daily Sabah and Yeni Safak English both say phone-tracking operations were carried out through “the networks of the Israeli telecommunications companies 019Mobile and Partner Communications,” with 019Mobile responding that it is a virtual operator and that its identity may have been impersonated.

In Haaretz’s account, 019Mobile’s head of security, Gil Nagar, denied involvement by writing that the company is “a virtual operator, selling service over another carrier's network without running its own,” and that messages sent in its name would have been “rejected.”

The reporting also points to the surveillance-technology supply chain: Daily Sabah says Internal documents revealed that Verint, parent of Cognyte, sold SkyLock to a government client in the Democratic Republic of Congo.

Haaretz adds that Citizen Lab flags potential suspects including Cognyte, and that “Internal files obtained by Haaretz show that Cognyte's parent company, Verint, sold a product called SkyLock - an SS7-based tracking tool - to a government client in the Democratic Republic of Congo.”

A separate thread in the provided reporting describes how Iran’s surveillance infrastructure—especially street cameras—became a strategic weakness that could be exploited.

The non-English outletنون بوست frames the question around “How did Israel turn Iran's surveillance cameras into an assassination weapon?” and says that after the assassination of several first-tier leaders in Iran, people asked how Israel achieved “this level of intrusion inside a state saturated with security and surveillance.”

Haaretz

It says Western reports, including the Associated Press and the Financial Times, spoke of “an Israeli breach of Tehran's traffic-camera network” and its use to monitor guards at sensitive compounds and “build digital dossiers on their movements.”

The article links Iran’s surveillance expansion to the “Women, Life, Freedom” protests in late 2022 after the killing of Mahsa Amini for not wearing the hijab properly, and it says Iranian authorities launched a broad digital-surveillance project.

It reports that the police announced in April 2023 the installation of smart cameras in streets to send warning messages to women who did not wear hijab, aiming to “prevent resistance to the law.”

The reporting says a Reuters report at the time explained authorities planned to use facial-recognition to match images against the national database and punish hijab violators, in the absence of a personal-data-protection law.

It also cites a United Nations report in March 2025 saying Iran uses road cameras and drone-mounted cameras and facial-recognition technology and the Nazar app to enforce hijab, and that it intensified sanctions and social exclusion for violators.

The article then describes an Associated Press report in March 2026 saying Tel Aviv hacked most of Tehran’s traffic cameras and moved their data to servers in Israel, using AI to build “lifestyles” for personal guards.

The provided reporting also includes an Israeli government warning that ties online recruitment to intelligence activity, reinforcing the broader theme of surveillance and intrusion.

وكالة شهاب الإخبارية says that on Thursday, “the Israeli occupation police and the Shin Bet (General Security Service) warned of attempts that they say are being driven by Iranian intelligence to recruit Israelis via social media networks.”

TechCrunch

The joint statement urged the public to “avoid any online contact with entities suspected of links to Iranian intelligence or carrying out any tasks under their guidance,” especially amid “the ongoing military escalation and the war between Israel and Iran.”

The statement said that “in the past year there has been a noticeable increase in recruitment attempts on social media platforms,” with the goal of gathering information about “strategic targets inside the state, including the locations of prominent figures and sensitive infrastructure.”

It added that these activities continued “during the current period of American-Israeli military escalation against Iran,” and that the police and Shin Bet were “working to track and arrest Israelis suspected of contacting Iranian intelligence elements.”

The article reports that “since the outbreak of the war Israel launched against Iran in June last year,” Israeli security agencies disclosed “16 security cases involving Israelis suspected of establishing ties with Iranian intelligence entities and carrying out tasks under their direction.”

It says authorities filed charges described as serious, including “multiple security violations,” and that “the courts have ordered their detention until the judicial proceedings are completed.”

The statement concluded by urging citizens to “immediately report any recruitment attempts or suspicious online contact,” warning that contact with hostile foreign entities could be considered “a serious security violation punishable by law with imprisonment.”