Treasury’s Office of Foreign Assets Control (OFAC) designated two individuals and five entities associated with the Intellexa Consortium for their role in developing, operating, and distributing commercial spyware technology used to target Americans, including U.S. government officials, journalists, and policy experts.
“Today’s actions represent a tangible step forward in discouraging the misuse of commercial surveillance tools, which increasingly present a security risk to the United States and our citizens,” said Under Secretary of the Treasury for Terrorism and Financial Intelligence Brian E. Nelson.
PREDATOR SPYWARE SOLD TO CUSTOMERS AROUND THE GLOBE
Since its founding in 2019, the Intellexa Consortium has acted as a marketing label for a variety of offensive cyber companies that offer commercial spyware and surveillance tools to enable targeted and mass surveillance campaigns. These tools are packaged as a suite of tools under the brand-name “Predator” spyware, which can infiltrate a range of electronic devices through zero-click attacks that require no user interaction for the spyware to infect the device. Once a device is infected by the Predator spyware, the spyware can be leveraged for a variety of information stealing and surveillance capabilities—this includes the unauthorized extraction of data, geolocation tracking, and access to a variety of applications and personal information on the compromised device.
The Intellexa Consortium, which has a global customer base, has enabled the proliferation of commercial spyware and surveillance technologies around the world, including to authoritarian regimes. Furthermore, the Predator spyware has been deployed by foreign actors in an effort to covertly surveil U.S. government officials, journalists, and policy experts. In the event of a successful Predator infection, the spyware’s operators can access and retrieve sensitive information including contacts, call logs, and messaging information, microphone recordings, and media from the device.
SUMMIT FOR DEMOCRACY
In advance of the third Summit for Democracy, hosted by the Republic of Korea in Seoul on March 18, 2024. the designations align with steps announced in March 2023 around the second Summit for Democracy including the issuance of an Executive Order (E.O.) 14093 to Prohibit U.S. Government Use of Commercial Spyware that Poses Risks to National Security; the Joint Statement on Efforts to Counter the Proliferation and Misuse of Commercial Spyware; and the Guiding Principles on Government Use of Surveillance Technologies.
As described in E.O. 14093 and the White House Fact Sheet, commercial spyware has proliferated in recent years with few controls and a high risk of abuse.
KEY ENABLERS OF THE INTELLEXA CONSORTIUM
Tal Jonathan Dilian (Dilian) is the founder of the Intellexa Consortium, and is the architect behind its spyware tools. The consortium is a complex international web of decentralized companies controlled either fully or partially by Dilian, including through Sara Aleksandra Fayssal Hamou.
Sara Aleksandra Fayssal Hamou (Hamou), is a corporate off-shoring specialist who has provided managerial services to the Intellexa Consortium, including renting office space in Greece on behalf of Intellexa S.A. Hamou holds a leadership role at Intellexa S.A., Intellexa Limited, and Thalestris Limited.
Intellexa S.A. is a Greece-based software development company within the Intellexa Consortium and has exported its surveillance tools to authoritarian regimes. Intellexa S.A. was added to the Department of Commerce Entity List on July 18, 2023, for trafficking in cyber exploits used to gain access to information systems, threatening the privacy and security of individuals and organizations worldwide.
Intellexa Limited is an Ireland-based company within the Intellexa Consortium and acts as a technology reseller and holds assets on behalf of the consortium. Intellexa Limited was added to the Department of Commerce Entity List on July 18, 2023, for trafficking in cyber exploits used to gain access to information systems, threatening the privacy and security of individuals and organizations worldwide.
Cytrox AD is a North Macedonia-based company within the Intellexa Consortium and acts as a developer of the consortium’s Predator spyware. Cytrox AD was added to the Department of Commerce Entity List on July 18, 2023, for trafficking in cyber exploits used to gain access to information systems, threatening the privacy and security of individuals and organizations worldwide.
Cytrox Holdings Zartkoruen Mukodo Reszvenytarsasag (Cytrox Holdings ZRT) is a Hungary-based entity within the Intellexa Consortium. Cytrox Holdings ZRT previously developed the Predator spyware for the group before production moved to Cytrox AD in North Macedonia. Cytrox Holdings ZRT was added to the Department of Commerce Entity List on July 18, 2023, for trafficking in cyber exploits used to gain access to information systems, threatening the privacy and security of individuals and organizations worldwide.
Thalestris Limited is an Ireland-based entity within the Intellexa Consortium that holds distribution rights to the Predator spyware and acts as a financial holding company for the Consortium.
Comments
No comments on this item Please log in to comment by clicking here