← Back to database

Predaxia Research

Rayzone Piranha

Rayzone Group · Israel

ActiveCitizen Lab disclosures
3

Confidence 3/5

VendorRayzone Group
Country of originIsrael (Petah Tikva)
Founded2005
Product linePiranha (LTE IMSI catcher), Echo (SS7 geolocation), Geomatrix, InterApp
Current statusActive
US Entity ListNo
Notable disclosuresForbes (2020), Haaretz, Citizen Lab Predator-related research

Technical capabilities

Rayzone Group sells a portfolio of mobile-network intelligence and tactical interception products. The Piranha family is a portable LTE-capable cell-site simulator with passive and active modes, broadly comparable in operational role to L3Harris StingRay or Hailstorm equipment but engineered for export to non-Five-Eyes customers. Echo is a Signaling System 7 (SS7) and Diameter exploitation platform for cellular geolocation against subscribers worldwide, leveraging vulnerabilities in inter-carrier signaling protocols.

InterApp, a product family disclosed by Forbes in 2020, performs over-the-air smartphone data acquisition using a combination of cellular and Wi-Fi based attacks. Public technical detail on the exact capability set is limited.

Documented use

  • Bangladesh: Forbes (March 2020) reported sale of Piranha and InterApp to Bangladesh’s National Telecommunication Monitoring Centre.
  • Indonesia: Citizen Lab and Haaretz reporting (2023) documented Echo geolocation operations associated with Indonesian customers.
  • Mexico: reported procurement by federal entities (multiple Mexican press sources).
  • Singapore, Switzerland and others: reported in vendor exhibition records and procurement databases.

The exact mapping between Rayzone tooling and specific human-rights violations is less directly established than for Pegasus or Predator. The capabilities provided (SS7 geolocation, IMSI catchers) are by their nature tactical surveillance tools with substantial misuse potential.

Customer states

Public reporting identifies confirmed or strongly indicated customers in Bangladesh, Indonesia, Mexico, Singapore and unspecified Gulf states. Rayzone states compliance with Israeli Defense Export Controls Agency (DECA) licensing.

Legal and sanctions status

  • Not on the US Department of Commerce Entity List.
  • Not designated by US OFAC.
  • Subject to Israeli DECA export-licensing controls.
  • SS7 and Diameter exploitation is technically a vulnerability of telecommunications infrastructure rather than a product flaw; carriers globally have varying defensive postures against signaling-layer attacks.

Technical countermeasures

  • End-to-end encrypted messaging: defeats SS7-based metadata interception of message content. Signal recommended.
  • Disable 2G in handset settings: defeats one category of downgrade attacks used by IMSI catchers.
  • Avoid SMS for two-factor authentication: SMS is interceptable via SS7 manipulation. Prefer hardware security keys (FIDO2) or authenticator apps.
  • Airplane mode at protests and sensitive meetings: removes the device from cellular addressability.
  • Carrier choice and roaming awareness: SS7 geolocation requires inter-carrier visibility. Some carriers have implemented partial signaling firewalls.
  • Burner devices and SIMs: compartmented identity in high-risk threat models.
For at-risk individuals. SS7-based geolocation can target your phone from anywhere in the world if the operator has access to a carrier on the global signaling network. Disable SMS-based two-factor and assume cellular metadata is interceptable.

Update log

May 8, 2026: Entry created. Sourced from Forbes investigative reporting on the InterApp and Piranha product lines, Citizen Lab research into the Israeli surveillance ecosystem, Haaretz coverage, Privacy International SS7 vulnerability documentation, and Rayzone corporate disclosures.


There’s no perfect setup. Anyone selling you perfect is selling fear. The goal is simple: make yourself a harder target than the person next to you.