The US Treasury Department has slapped sanctions on five individuals and one entity associated with the Intellexa Consortium, a global business caught creating and distributing commercial spyware for targeted and mass surveillance campaigns.
The latest round of sanctions are part of a broader US government effort to combat the proliferation and misuse of commercial spyware and surveillance tools and comes just days after Apple abruptly abandoned its lawsuit against Israel’s NSO Group.
Intellexa Consortium, founded by previously sanctioned Tal Jonathan Dilian, is described as a complex international network of companies that developed and sold the ‘Predator’ spyware that exploited software bugs in iOS and Android platforms.
According to the US Treasury’s Office of Foreign Assets Control (OFAC), those sanctioned sanctioned include:
- Felix Bitzios — identified as the beneficial owner of an Intellexa Consortium company that was used to supply Predator spyware to a foreign government client. A Greek national, Bitzios also acted as the manager of Intellexa S.A., another company in the Intellexa Consortium.
- Andrea Nicola Constantino Hermes Gambazzi — named as the beneficial owner of Thalestris Limited and Intellexa Limited, members of the Intellexa Consortium group of companies. Thalestris Limited holds distribution rights to the Predator spyware, and is the parent company to Intellexa S.A. Thalestris Limited has been involved in processing transactions on behalf of other entities within the Intellexa Consortium.
- Merom Harpaz — pinpointed as a top executive of the Intellexa Consortium, and acted as a manager of Intellexa S.A.
- Panagiota Karaoli is the director of multiple Intellexa Consortium entities that are controlled by or are a subsidiary of Thalestris Limited.
- Artemis Artemiou — tagged as the general manager and member of the board of Cytrox Holdings Zartkoruen Mukodo Reszvenytarsasag (Cytrox Holdings), a member of the Intellexa Consortium that was designated pursuant to E.O. 13694, as amended. Artemiou is also an employee of Intellexa S.A.
- Aliada Group — British Virgin Islands-based company and member of the Intellexa Consortium, has enabled tens of millions of dollars of transactions involving the network. The Aliada Group is directed by Dilian. The Aliada Group was associated with Intellexa S.A. and Intellexa Limited, and held shares in Cytrox Holdings.
The government explained that the Intellexa Consortium is a complex international web of decentralized companies that built and commercialized highly invasive spyware products for mobile devices.
“Successful Predator spyware attacks can provide the spyware’s operators with access to sensitive information on the victim’s device, including photos, geolocation data, personal messages, and microphone records,” the Department said, noting that past targets of Intellaxa spyware products include government officials, journalists, policy experts, and opposition politicians.
The sanctions come just days after Apple dropped its lawsuit against NSO Group, citing increased risk that the case would unintentionally reveal sensitive vulnerability data to the very company accused of hacking its iOS and macOS platforms.
In dropping the case, Apple pointed to shifting dynamics in the commercial spyware industry and cautioned that even a legal victory might have limited impact on the broader surveillance software landscape that includes companies like Intellexa.
“Defendants have been partly supplanted by numerous other spyware companies, dispersing threats that were once concentrated in a single powerful actor; consequently, even a complete victory in this suit would not have the same impact as in 2021, as other unaffiliated spyware companies would remain unaffected and could continue their destructive tactics,” Cupertino said.
Related: Russian APT Reusing Exploits From Spyware Merchant Intellexa
Related: US Gov Mercenary Spyware Clampdown Hits Cytrox, Intellexa
Related: Predator Spyware Resurfaces With Fresh Infrastructure
Related: US Sanctions Spyware Company and Execs Targeting American Journalists
Related: Google Links Over 60 Zero-Days to Commercial Spyware Vendors