Connect with us

Hi, what are you looking for?


Malware & Threats

US Sanctions Spyware Company and Executives Who Targeted American Journalists, Government Officials

The Treasury Department sanctioned individuals associated with Intellexa Consortium, maker of the powerful Predator Spyware.

The Treasury Department announced Tuesday it has sanctioned two people and a Greece-based commercial spyware company headed by a former Israeli military officer that developed, operated and distributed technology used to target U.S. government officials, journalists and policy experts.

The sanctions target Intellexa Consortium, which the U.S. says has sold and distributed commercial spyware and surveillance tools for targeted and mass surveillance campaigns. Other entities associated with Intellexa — including North Macedonia-based Cytrox AD, Hungary-based Cytrox Holdings ZRT and Ireland-based Thalestris Limited — were sanctioned for their parts in developing and distributing a package of tools known as Predator.

Biden administration officials said it marks the first time that the Treasury Department has sanctioned people or entities for the misuse of spyware.

Predator allows a user to infiltrate electronic devices through zero-click attacks that require no user interaction for the spyware to infect the device. The spyware, which has been used in dozens of countries, has allowed for the unauthorized extraction of data, geolocation tracking and access to personal information on compromised devices.

“Today’s actions represent a tangible step forward in discouraging the misuse of commercial surveillance tools, which increasingly present a security risk to the United States and our citizens,” said Brian Nelson, Treasury undersecretary for terrorism and financial intelligence. “The United States remains focused on establishing clear guardrails for the responsible development and use of these technologies while also ensuring the protection of human rights and civil liberties of individuals around the world.”

The Commerce Department last year blacklisted Intellexa and Cytrox, denying them access to U.S. technology.

Amnesty International’s Security Lab in October published a report that said that Predator had been used to target but not necessarily infect devices connected to the president of the European Parliament, Roberta Metsola, and the president of Taiwan, Tsai Ing-Wen, as well as Rep. Michael McCaul, R-Texas, and Sen. John Hoeven, R-N.D.

Europe has also suffered a number of spyware incidents. Predator spyware was reportedly used in Greece, a revelation that helped precipitate the resignation in 2022 of two top government officials, including the national intelligence director.

Advertisement. Scroll to continue reading.

In December 2021, digital sleuths at the University of Toronto’s Citizen Lab discovered Predator spyware on the iPhone of a leading exiled Egyptian dissident. In a joint probe with Facebook, Citizen Lab discovered that Cytrox had customers in countries including Armenia, Greece, Indonesia, Madagascar, Oman, Saudi Arabia and Serbia.

Intellexa was created in 2019 by former Israeli military officer Tal Dilian. Dilian and Sara Hamou, a corporate off-shoring specialist who has provided managerial services to Intellexa, were also sanctioned.

John Scott-Railton, a senior researcher at Citizen Lab, called the sanctions “a major escalation in the American effort to pump the brakes on mercenary spyware proliferation.”

The sanctions targeting the developers of Predator come after the Biden administration last month unveiled a new policy that will allow it to impose visa restrictions on foreign individuals involved in the misuse of commercial spyware.

The Democratic administration’s visa policy applies to people who’ve been involved in the misuse of commercial spyware to target people including journalists, activists, perceived dissidents, members of marginalized communities or the family members of those who are targeted. The visa restrictions could also apply to people who facilitate or get financial benefit from the misuse of commercial spyware, officials said.

Related: Predator Spyware Delivered to iOS, Android Devices via Zero-Days, MitM Attacks

RelatedUS Gov Mercenary Spyware Clampdown Hits Cytrox, Intellexa

Related: Spyware Firm Offering iOS, Android Hacking Services for $8 Million

Related: European Lawmaker Targeted With Cytrox Predator Surveillance Spyware

Related: Citizen Lab Exposes Cytrox as Vendor Behind ‘Predator’ iPhone Spyware

Related: Calls Mount for US Gov Clampdown on Mercenary Spyware Merchants

Written By


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.


SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.


People on the Move

Shay Mowlem has been named CMO of runtime and application security company Contrast Security.

Attack detection firm Vectra AI has appointed Jeff Reed to the newly created role of Chief Product Officer.

Shaun Khalfan has joined payments giant PayPal as SVP, CISO.

More People On The Move

Expert Insights

Related Content


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Malware & Threats

The NSA and FBI warn that a Chinese state-sponsored APT called BlackTech is hacking into network edge devices and using firmware implants to silently...


An engineer recruited by intelligence services reportedly used a water pump to deliver Stuxnet, which reportedly cost $1-2 billion to develop.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Malware & Threats

Apple’s cat-and-mouse struggles with zero-day exploits on its flagship iOS platform is showing no signs of slowing down.

Mobile & Wireless

Samsung smartphone users warned about CVE-2023-21492, an ASLR bypass vulnerability exploited in the wild, likely by a spyware vendor.

Malware & Threats

Unpatched and unprotected VMware ESXi servers worldwide have been targeted in a ransomware attack exploiting a vulnerability patched in 2021.