The Treasury Department announced recently it had sanctioned two people and a Greece-based commercial spyware company headed by a former Israeli military officer that developed, operated and distributed technology used to target U.S. government officials, journalists, and policy experts.

The sanctions target Intellexa Consortium, which the U.S. says has sold and distributed commercial spyware and surveillance tools for targeted and mass surveillance campaigns. Other entities associated with Intellexa, including North Macedonia-based Cytrox AD, Hungary-based Cytrox Holdings ZRT and Ireland-based Thalestris Limited, were sanctioned for their parts in developing and distributing a package of tools known as Predator.

Biden administration officials said it marks the first time that the Treasury Department has sanctioned people or entities for the misuse of spyware.

Predator allows a user to infiltrate electronic devices through zero-click attacks that require no user interaction for the spyware to infect the device. The spyware, which has been used in dozens of countries, has allowed for the unauthorized extraction of data, geolocation tracking and access to personal information on compromised devices.

“This actions represent a tangible step forward in discouraging the misuse of commercial surveillance tools, which increasingly present a security risk to the United States and our citizens,” said Brian Nelson, Treasury undersecretary for terrorism and financial intelligence. “The United States remains focused on establishing clear guardrails for the responsible development and use of these technologies while also ensuring the protection of human rights and civil liberties of individuals around the world.”

The Commerce Department last year blacklisted Intellexa and Cytrox, denying them access to U.S. technology.

Amnesty International’s Security Lab in October published a report that said that Predator had been used to target but not necessarily infect devices connected to the president of the European Parliament, Roberta Metsola, and the president of Taiwan, Tsai Ing-Wen, as well as Representative Michael McCaul, R-TX, and Sen. John Hoeven, R-ND.

Europe has also suffered a number of spyware incidents. Predator spyware was reportedly used in Greece, a revelation that helped precipitate the resignation in 2022 of two top government officials, including the national intelligence director.

In December 2021, digital sleuths at the University of Toronto’s Citizen Lab discovered Predator spyware on the iPhone of a leading exiled Egyptian dissident. In a joint probe with Facebook, Citizen Lab discovered that Cytrox had customers in countries including Armenia, Greece, Indonesia, Madagascar, Oman, Saudi Arabia and Serbia.

Intellexa was created in 2019 by former Israeli military officer Tal Dilian. Dilian and Sara Hamou, a corporate off-shoring specialist who has provided managerial services to Intellexa, were also sanctioned.

John Scott-Railton, a senior researcher at Citizen Lab, called the sanctions “a major escalation in the American effort to pump the brakes on mercenary spyware proliferation.”

The sanctions targeting the developers of Predator come after the Biden administration unveiled a new policy in February that will allow it to impose visa restrictions on foreign individuals involved in the misuse of commercial spyware.

The Democratic administration’s visa policy applies to people who’ve been involved in the misuse of commercial spyware to target people including journalists, activists, perceived dissidents, members of marginalized communities or the family members of those who are targeted. The visa restrictions could also apply to people who facilitate or get financial benefit from the misuse of commercial spyware, officials said.

Aamer Madhani

Associated Press


Stephanie Scarbrough (AP) and Bill Perry (via Shutterstock)