Security news that informs and inspires

U.S. Sanctions Makers of Predator Spyware

By

In a first of its kind move, the Treasury Department has sanctioned two people and five organizations associated with the development, sale, and deployment of the Predator commercial spyware, which has been used to target journalists, activists, and other at-risk individuals in multiple countries for many years.

The sanctions by the Office of Foreign Asset Control target Tal Dilian, an Israeli citizen, Sara Hamou, a Polish citizen, and five separate entities that are part of the Intellexa Consortium, a group of companies in Europe that develop commercial spyware. Predator is one of the more notorious strains of commercial spyware and researchers have identified victims of Predator in many different countries. The OFAC sanctions mark the first time that the United States has used this weapon against the maker of a commercial spyware tool. As a result of the sanctions “all property and interests in property of the designated persons described above that are in the United States or in the possession or control of U.S. persons are blocked”.

“Today’s actions represent a tangible step forward in discouraging the misuse of commercial surveillance tools, which increasingly present a security risk to the United States and our citizens,” said Under Secretary of the Treasury for Terrorism and Financial Intelligence Brian Nelson.

The Intellexa Consortium includes several individual companies across Europe that develop commercial spyware tools and sell them under the Predator label. Researchers have discovered attacks in which operators have used zero-click exploits, which require no user interaction, to install Predator on victims’ devices. The entities sanctioned Tuesday by OFAC include Intellexa S.A., a Greek company; Intellexa Limited, an Irish company; Cytrox AD, a North Macedonian company; Cytrox Holdings ZRT, a Hungarian company; and Thalestris Limited, an Irish company.

“Today’s actions represent a tangible step forward in discouraging the misuse of commercial surveillance tools."

“Since its founding in 2019, the Intellexa Consortium has acted as a marketing label for a variety of offensive cyber companies that offer commercial spyware and surveillance tools to enable targeted and mass surveillance campaigns,” the Treasury Department announcement says.

“The Intellexa Consortium, which has a global customer base, has enabled the proliferation of commercial spyware and surveillance technologies around the world, including to authoritarian regimes. Furthermore, the Predator spyware has been deployed by foreign actors in an effort to covertly surveil U.S. government officials, journalists, and policy experts.”

The U.S. government has used other similar measures to sanction commercial spyware vendors in the past, including a 2021 move in which the Department of Commerce added several vendors, including Candiru and NSO Group, to its entity list. That move also prevents U.S. people or organizations from doing business with those sanctioned entities.

The two individuals sanctioned by OFAC Tuesday are major figures in the Intellexa Consortium. Dilian is the founder of the consortium and Hamou “is a corporate off-shoring specialist who has provided managerial services to the Intellexa Consortium,” the announcement says.

In 2021, researchers from the Citizen Lab at the University of Toronto’s Munk School published a detailed report on Predator and some of the victims it had been used against, including exiled Egyptian politicians.