Pierluigi Paganini March 05, 2024

The U.S. government sanctioned two individuals and five entities linked to the development and distribution of the Predator spyware used to target Americans.

Today, the Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced actions on two individuals and five entities associated with the Intellexa Consortium for their role in the development and distribution of the commercial Predator spyware used to target Americans. The surveillance software was also used to spy on U.S. government officials, journalists, and policy experts. The Department of the Treasury warns that the proliferation of commercial spyware poses growing risks to the United States. Surveillance software was misused by foreign actors in attacks aimed at dissidents and journalists around the world. 

The Intellexa Consortium was created in 2019, it has acted as a marketing umbrella for various offensive cyber companies that provide commercial spyware and surveillance tools designed for targeted and mass surveillance campaigns. The name “Predator” spyware was used to refer to a collection of surveillance tools that allows to compromise victims’ devices through zero-click attacks.

Predator spyware is known for its extensive data-stealing and surveillance capabilities.

“The Intellexa Consortium, which has a global customer base, has enabled the proliferation of commercial spyware and surveillance technologies around the world, including to authoritarian regimes.” reads the press release published by the Office of Foreign Assets Control (OFAC). “Furthermore, the Predator spyware has been deployed by foreign actors in an effort to covertly surveil U.S. government officials, journalists, and policy experts. In the event of a successful Predator infection, the spyware’s operators can access and retrieve sensitive information including contacts, call logs, and messaging information, microphone recordings, and media from the device.”

The sanctioned individuals are the Intellexa Consortium’s Israeli founder, Tal Jonathan Dilian, and Polish corporate specialist, Sara Aleksandra Fayssal Hamou.

The US government also sanctioned the following companies:

• Intellexa S.A. is a Greece-based software development company within the Intellexa Consortium and has exported its surveillance tools to authoritarian regimes.
• Intellexa Limited is an Ireland-based company within the Intellexa Consortium and acts as a technology reseller and holds assets on behalf of the consortium.
• Cytrox AD is a North Macedonia-based company within the Intellexa Consortium and acts as a developer of the consortium’s Predator spyware.
• Cytrox Holdings Zartkoruen Mukodo Reszvenytarsasag (Cytrox Holdings ZRT) is a Hungary-based entity within the Intellexa Consortium. Cytrox Holdings ZRT previously developed the Predator spyware for the group before production moved to Cytrox AD in North Macedonia.
• Thalestris Limited is an Ireland-based entity within the Intellexa Consortium that holds distribution rights to the Predator spyware and acts as a financial holding company for the Consortium.   

In February 2024, the U.S. State Department announced it is implementing a new policy to impose visa restrictions on individuals involved in the misuse of commercial spyware.

The policy underscores the U.S. government’s commitment to addressing the misuse of surveillance software, which poses a significant threat to society.

The policy specifically addresses the abuse of commercial spyware for unlawfully surveilling, harassing, suppressing, or intimidating individuals.

Visa restrictions target individuals believed to facilitate or derive financial benefit from the misuse of commercial spyware and also surveillance companies that act on behalf of governments.

The restrictions are extended to the immediate family members of the targeted individuals, including spouses and children of any age.

In March 2023, the US Government issued an Executive Order on the prohibition on use by the United States Government of commercial spyware that poses risks to national security.

In July 2023, the Commerce Department’s Bureau of Industry and Security (BIS) added surveillance technology vendors Intellexa and Cytrox to the Entity List for trafficking in cyber exploits used to gain access to information systems.

The Entity List maintained by the U.S. Department of Commerce’s Bureau of Industry and Security (BIS) is a trade control list created and maintained by the U.S. government. It identifies foreign individuals, organizations, companies, and government entities that are subject to specific export controls and restrictions due to their involvement in activities that threaten the U.S. national security or foreign policy interests.

The U.S. Government warns of the key role that surveillance technology plays in surveillance activities that can lead to repression and other human rights abuses.

The Commerce Department’s action targeted the above companies because their technology could contribute to the development of surveillance tools that pose a risk of misuse in violations or abuses of human rights.

The financial entities added to the Entity List include Intellexa S.A. in Greece, Cytrox Holdings Crt in Hungary, Intellexa Limited in Ireland, and Cytrox AD in North Macedonia.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – ransomware, Predator spyware)