The U.S. Department of Treasury's Office of Foreign Assets Control (OFAC) sanctioned two individuals and five entities associated with the Intellexa Alliance for their role in "developing, operating, and distributing" commercial spyware designed to target government officials, journalists, and policy experts in the country.
"The proliferation of commercial spyware poses distinct and growing security risks to the United States and has been misused by foreign actors to enable human rights abuses and the targeting of dissidents around the world for repression and reprisal," the agency said.
"The Intellexa Consortium, which has a global customer base, has enabled the proliferation of commercial spyware and surveillance technologies around the world, including to authoritarian regimes."
The Intellexa Alliance is a consortium of several companies, including Cytrox, linked to a mercenary spyware solution called Predator. In July 2023, the U.S. government added Cytrox and Intellexa, as well as their corporate holdings in Hungary, Greece, and Ireland, to the Entity List.
Predator, much like NSO Group's Pegasus, can infiltrate Android and iOS devices using zero-click attacks that require no user interaction. Once installed, the spyware makes it possible for the operators to harvest sensitive data and surveil targets of interest.
OFAC said unspecified foreign actors had deployed Predator against U.S. government officials, journalists, and policy experts.
"In the event of a successful Predator infection, the spyware's operators can access and retrieve sensitive information including contacts, call logs, and messaging information, microphone recordings, and media from the device," the Treasury Department said.
The sanctions designations apply to the following individuals and entities -
- Tal Jonathan Dilian (Dilian), the founder of the Intellexa Consortium
- Sara Aleksandra Fayssal Hamou (Hamou), a corporate off-shoring specialist who has provided managerial services to the Intellexa Consortium
- Intellexa S.A., a Greece-based software development company
- Intellexa Limited, an Ireland-based company
- Cytrox AD, a North Macedonia-based company that's responsible for the development of Predator
- Cytrox Holdings Zartkoruen Mukodo Reszvenytarsasag (Cytrox Holdings ZRT), a Hungary-based entity
- Thalestris Limited, an Ireland-based entity that holds distribution rights to the Predator spyware
It's worth noting that Intellexa S.A., Intellexa Limited, Cytrox AD, and Cytrox Holdings ZRT were added to the aforementioned economic blocklist last year.
The development comes as new revelations about Predator's multi-tiered delivery infrastructure from Recorded Future and Sekoia prompted the operators to shut down their servers.
The sanctions targeting the makers of Predator also arrived after the U.S. government unveiled a new policy last month that will allow it to impose visa restrictions on foreign individuals involved in the misuse of commercial spyware.
Citizen Lab security researcher John Scott-Railton described the OFAC designations as a huge deal, stating they mark the "first time they're used against a mercenary spyware company."
"The United States remains focused on establishing clear guardrails for the responsible development and use of these technologies while also ensuring the protection of human rights and civil liberties of individuals around the world," said Under Secretary of the Treasury for Terrorism and Financial Intelligence Brian E. Nelson.
