The US Treasury Department’s Office of Foreign Assets Control (OFAC) has sanctioned two individuals and five entities associated with the Intellexa Alliance for their roles in the “development, management, and distribution” of commercial spyware designed to target officials government officials, journalists and political experts in the country.
“The proliferation of commercial spyware poses distinct and growing risks to U.S. security and has been misused by foreign actors to enable human rights abuses and target dissidents around the world for repression and retaliation,” he said the agency.
“The Intellexa Consortium, which has a global customer base, has enabled the proliferation of commercial spyware and surveillance technologies around the world, including to authoritarian regimes.”
The Intellexa Alliance is a consortium of several companies, including Cytrox, linked to a mercenary spyware solution called Predator. In July 2023, the US government added Cytrox and Intellexa, as well as their corporate holdings in Hungary, Greece, and Ireland, to the Entity List.
Predator, just like NSO Group’s Pegasus, can infiltrate Android and iOS devices using zero-click attacks that require no user interaction. Once installed, spyware allows operators to collect sensitive data and surveil targets of interest.
OFAC said unspecified foreign actors have used Predator against U.S. government officials, journalists and policy experts.
“Should a successful Predator infection occur, the spyware operators can access and retrieve sensitive information including contacts, call logs and message information, microphone recordings, and media content from the device,” the Treasury Department said.
The sanctions designations apply to the following individuals and entities:
- Tal Jonathan Dilian (Dilian), the founder of the Intellexa Consortium
- Sara Aleksandra Fayssal Hamou (Hamou), corporate offshoring specialist who provided managerial services to the Intellexa Consortium
- Intellexa SA, a software development company based in Greece
- Intellexa Limited, a company based in Ireland
- Cytrox AD, a North Macedonia-based company responsible for the development of Predator
- Cytrox Holdings Zartkoruen Mukodo Reszvenytarsasag (Cytrox Holdings ZRT), the entity based in Hungary
- Thalestris Limited, an Ireland-based entity that holds the distribution rights to the Predator spyware
It is worth noting that Intellexa SA, Intellexa Limited, Cytrox AD and Cytrox Holdings ZRT were added to the above-mentioned economic bloc list last year.
The development comes as new revelations about Predator’s multi-tier delivery infrastructure from Recorded Future and Sekoia required operators to shut down their servers.
The sanctions against the makers of Predator also came after the US government unveiled a new policy last month that will allow it to impose visa restrictions on foreign entities involved in the misuse of commercial spyware.
John Scott-Railton, security researcher at Citizen Lab described OFAC designations as a major problem, stating that they mark the “First time they have been used against a mercenary spyware company.”
“The United States remains focused on creating clear barriers to the responsible development and use of these technologies, while ensuring the protection of the human rights and civil liberties of individuals around the world,” said the Under Secretary of the Treasury for terrorism and financial intelligence Brian E. Nelson.