The U.S. Treasury Department today sanctioned five individuals and one entity associated with the Intellexa Consortium for their role in “developing, operating, and distributing commercial spyware technology that resents a significant threat to the national security of the United States.”
Today’s action by the department’s Office of Foreign Assets Control (OFAC) follows a similar action in March that alleged that the consortium’s “Predator” spyware had been used to target U.S. government officials, journalists, and policy experts.
“The proliferation of commercial spyware poses distinct and growing security risks to the United States and has been misused by foreign actors to enable human rights abuses and the targeting of dissidents around the world for repression and reprisal,” the Treasury Department said in March.
New Sanctions Against Predator Spyware Maker Intellexa
The March action targeted Intellexa founder Tal Jonathan Dilian, corporate off-shoring specialist Sara Aleksandra Fayssal Hamou, and Intellexa entities in Greece, Macedonia, Ireland and Hungary.
The new sanctions target other actors in the Intellexa organization, including: Felix Bitzios, the beneficial owner of an Intellexa Consortium company that OFAC said was used to supply Predator spyware to a foreign government client; Andrea Nicola Constantino Hermes Gambazzi, beneficial owner of Thalestris Limited and Intellexa Limited; Merom Harpaz, a top executive of the Intellexa Consortium; Panagiota Karaoli, the director of multiple Intellexa Consortium entities; Artemis Artemiou, general manager and member of the board of Cytrox Holdings Zartkoruen Mukodo Reszvenytarsasag; and Aliada Group Inc., a British Virgin Islands-based company and member of the Intellexa Consortium.
The U.S. action means that all property and interests in property of the designated persons that are in the United States or in the possession or control of U.S. persons is blocked and must be reported to OFAC, as well as any entities that are 50 percent or more owned by one or more blocked persons.
Financial institutions and individuals who engage in transactions or activities with the sanctioned entities and individuals “may expose themselves to sanctions or be subject to an enforcement action.”
“The United States will not tolerate the reckless propagation of disruptive technologies that threatens our national security and undermines the privacy and civil liberties of our citizens,” Acting Under Secretary of the Treasury for Terrorism and Financial Intelligence Bradley T. Smith said in a statement. “We will continue to hold accountable those that seek to enable the proliferation of exploitative technologies, while also encouraging the responsible development of technologies that align with international standards.”
In a statement, State Department spokesman Matthew Miller said, “The United States remains steadfast in its commitment to use all available tools to counter the misuse of sophisticated surveillance technologies. These designations build upon previous sanctions announced on March 5, among other accountability measures including export controls and visa restrictions. We will continue to counter the proliferation and misuse of commercial spyware as we create a pathway for the responsible development of technologies that aligns with the protection of human rights, privacy, and democratic values around the world.”
Action Follows Spyware Activity by Russian Threat Actors
Predator spyware can be used to gain access to data stored and transmitted from a target’s device through one-click and zero-click attacks that require no user interaction for the spyware to infect the device.
A 2023 report by Amnesty International called Predator “a form of highly invasive spyware that by default gains total access to all data stored or transmitted from the target’s device, and that is designed to leave no traces on the target device, which would render any independent audit of potential abuses impossible.”
Russian state hackers were recently observed deploying exploits that bear an “identical or strikingly similar” resemblance to those from spyware companies NSO Group and Intellexa, raising concerns about the possible spread of commercial spyware to state-backed threat actors.
The U.S. action comes just days after Apple filed a motion to dismiss its lawsuit against NSO Group because of concern that the case could put “vital security information” at risk.
NSO, Candiru, Positive Technologies and Singapore’s Computer Security Initiative Consultancy were sanctioned by the U.S. Commerce Department in 2021.