Two people and five organizations connected to the Intellexa Alliance were sanctioned by the Office of Foreign Assets Control (OFAC) of the U.S. Department of Treasury for their part in “developing, operating, and distributing” commercial spyware intended to harm the nation’s policy experts, journalists, and government officials.

“The proliferation of commercial spyware poses distinct and growing security risks to the United States and has been misused by foreign actors to enable human rights abuses and the targeting of dissidents around the world for repression and reprisal,” the FBI said.

“The Intellexa Consortium, which has a global customer base, has enabled the proliferation of commercial spyware and surveillance technologies around the world, including to authoritarian regimes.”

The Intellexa Alliance is a group of businesses, including Cytrox, that are connected to the Predator mercenary malware program. The business assets of Cytrox and Intellexa in Hungary, Greece, and Ireland were added to the Entity List by the U.S. government in July 2023.

Predator can penetrate Android and iOS devices utilizing zero-click assaults, which don’t need user involvement, much like NSO Group’s Pegasus. After it is deployed, the spyware gives its controllers the ability to gather private information and monitor specific targets.

According to OFAC, unidentified foreign entities have used Predator against journalists, policy experts, and members of the US government.

“In the event of a successful Predator infection, the spyware’s operators can access and retrieve sensitive information including contacts, call logs, and messaging information, microphone recordings, and media from the device,” the Treasury Department said.

The sanctions designations apply to the following individuals and entities –

Tal Jonathan Dilian (Dilian), the founder of the Intellexa Consortium

Sara Aleksandra Fayssal Hamou (Hamou), a corporate off-shoring specialist who has provided managerial services to the Intellexa Consortium

Intellexa S.A., a Greece-based software development company

Intellexa Limited, an Ireland-based company
Cytrox AD, a North Macedonia-based company that’s responsible for the development of Predator

Cytrox Holdings Zartkoruen Mukodo Reszvenytarsasag (Cytrox Holdings ZRT), a Hungary-based entity

The company Thalestris Limited, situated in Ireland, is in charge of distributing the Predator spyware.

It is noteworthy that the aforementioned economic blocklist was expanded to include Intellexa S.A., Intellexa Limited, Cytrox AD, and Cytrox Holdings ZRT in the previous year.

This development coincides with the operators’ decision to shut down their servers in response to fresh information from Recorded Future and Sekoia on Predator’s multi-tiered delivery architecture.

The U.S. government announced a new policy last month that would enable it to apply visa restrictions on foreign nationals implicated in the abuse of commercial spyware, coinciding with the arrival of the penalties against the Predator creators.

The OFAC designations are significant because, according to security researcher John Scott-Railton of Citizen Lab, this is the “first time they’re used against a mercenary spyware company.”

Under Secretary of the Treasury for Terrorism and Financial Intelligence Brian E. Nelson stated, “The United States remains focused on establishing clear guardrails for the responsible development and use of these technologies while also ensuring the protection of human rights and civil liberties of individuals around the world.”

SOURCE