US sanctions spyware firm, Israeli founder for tech targeting journalists, officials
Treasury raps Intellexa Consortium, founded in 2019 by Tal Dilian, over Predator software that allows unauthorized extraction of data
US authorities announced sanctions on Tuesday against two people and a Greece-based commercial spyware company headed by a former Israeli military officer that developed, operated and distributed technology used to target US government officials, journalists and policy experts.
The sanctions target the Intellexa Consortium, which the US says has sold and distributed commercial spyware and surveillance tools for targeted and mass surveillance campaigns. Other entities associated with Intellexa — including North Macedonia-based Cytrox AD, Hungary-based Cytrox Holdings ZRT and Ireland-based Thalestris Limited — were sanctioned for their parts in developing and distributing a package of tools known as Predator.
Predator allows a user to infiltrate electronic devices through zero-click attacks that require no user interaction for the spyware to infect the device. The spyware, which has been used in dozens of countries, has allowed for the unauthorized extraction of data, geolocation tracking and access to personal information on compromised devices.
Biden administration officials said it marks the first time that the Treasury Department has sanctioned people or entities for the misuse of spyware.
“The Predator spyware has been deployed by foreign actors in an effort to covertly surveil US government officials, journalists, and policy experts,” the Treasury said.
“Today’s actions represent a tangible step forward in discouraging the misuse of commercial surveillance tools, which increasingly present a security risk to the United States and our citizens,” said Brian Nelson, Treasury undersecretary for terrorism and financial intelligence.
“The United States remains focused on establishing clear guardrails for the responsible development and use of these technologies while also ensuring the protection of human rights and civil liberties of individuals around the world,” said Nelson.
Intellexa was created in 2019 by former Israeli military officer Tal Jonathan Dilian.
Dilian and his partner Sara Aleksandra Fayssal Hamou, a corporate off-shoring specialist who has provided managerial services to Intellexa, were also sanctioned as individuals.
Dilian was previously associated with NSO Group, creator of the notorious spyware Pegasus that landed Israel in some touchy diplomatic spats in recent years. NSO Group has been accused of selling its spyware to countries with poor human rights records, including Saudi Arabia, Mexico, Pakistan, Hungary, Azerbaijan and many more.
Forbes previously reported that Dilian took over Cytrox in 2019 to make Intellexa a “one-stop-shop” for hacking and electronic surveillance services and products.
According to marketing materials, Intellexa offered customers the ability to hack both Android and Apple’s iOS operating systems.
Amnesty International’s Security Lab published a report in October that said that Predator had been used to target, but not necessarily infect, devices connected to the president of the European Parliament, Roberta Metsola, and the president of Taiwan, Tsai Ing-Wen, as well as Rep. Michael McCaul, R-Texas, and Sen. John Hoeven, R-ND.
In December 2021, digital sleuths at the University of Toronto’s Citizen Lab discovered Predator spyware on the iPhone of a leading exiled Egyptian dissident. In a joint probe with Facebook, Citizen Lab discovered that Cytrox had customers in countries including Armenia, Greece, Indonesia, Madagascar, Oman, Saudi Arabia and Serbia.
In July last year, Washington blacklisted Greece- and Ireland-incorporated units of Intellexa. They were placed on the Commerce Department’s Entities List, which tightly restricts Americans from doing business with them.
Haaretz reported in June 2023 that state-owned defense contractor Israel Aerospace Industries was an early investor in Cytrox, but sold its shares around early 2019 to Intellexa.
The new sanctions come after the Biden administration last month unveiled a new policy that will allow it to impose visa restrictions on foreign individuals involved in the misuse of commercial spyware.
Five companies were also hit with sanctions, according to the announcement Tuesday, over activities such as exporting Intellexa’s surveillance tools to authoritarian regimes and working as a developer of the Predator spyware.