The US authorities slapped sanctions on two individuals and five entities associated with the Intellexa Consortium for their role in developing, operating, and distributing commercial spyware used to target government officials, journalists, and policy experts.

The Department of the Treasury’s Office of Foreign Assets Control (OFAC) said in a statement that the Intellexa Alliance, which includes several companies such as Nexa Technologies, WiSpear/Passitora, Senpai and the Predator spyware developer Cytrox, has served as a marketing entity for numerous offensive cyber firms specializing in commercial spyware and surveillance solutions.

Predator is a suite of software designed for targeted and mass surveillance operations. Utilizing zero-click attacks, the Predator spyware can infiltrate a wide array of electronic devices without requiring any user interaction. Once installed, the spyware grants unauthorized access to sensitive data, enables geolocation tracking, and provides access to various applications and personal information stored on the compromised device.

The US sanctions targeted five companies in the Intellexa consortium, as well as the company’s founder, Tal Jonathan Dilian (Dilian), and one of the group’s top managers, Sara Aleksandra Fayssal Hamou (Hamou), who were sanctioned as individuals. The sanctioned companies are Greece-based Intellexa S.A., Ireland-based Intellexa Limited, North Macedonia-based Cytrox AD, Hungary-based Cytrox Holdings Zartkoruen Mukodo Reszvenytarsasag (Cytrox Holdings ZRT), and Ireland-based Thalestris Limited.

In July 2023, the US State Department added Cytrox and Intellexa to an economic blocklist for engaging in activities contrary to the national security or foreign policy interests of the United States. In early February, the US announced visa restrictions for individuals involved in the misuse of commercial spyware.