Intellexa Predator Spyware Operation

The U.S. Department of Treasury has imposed fresh sanctions against five executives and one entity with ties to the Intellexa Consortium for their role in the development, operation, and distribution of a commercial spyware called Predator.

"The United States will not tolerate the reckless propagation of disruptive technologies that threatens our national security and undermines the privacy and civil liberties of our citizens," said Acting Under Secretary of the Treasury for Terrorism and Financial Intelligence, Bradley T. Smith.

"We will continue to hold accountable those that seek to enable the proliferation of exploitative technologies, while also encouraging the responsible development of technologies that align with international standards."


The sanctioned individuals and entities are listed below:

  • Felix Bitzios, the beneficial owner of an Intellexa Consortium company that's believed to have supplied Predator to a foreign government client and the manager of Intellexa S.A.
  • Andrea Nicola Constantino Hermes Gambazzi, the beneficial owner of Thalestris Limited and Intellexa Limited, which are both members of the Intellexa Consortium
  • Merom Harpaz, a top executive of the Intellexa Consortium and the manager of Intellexa S.A.
  • Panagiota Karaoli, director of multiple Intellexa Consortium entities that are controlled by or are a subsidiary of Thalestris Limited
  • Artemis Artemiou, an employee of Intellexa S.A., as well as the general manager and member of the board of Cytrox Holdings, another member of the Intellexa Consortium
  • Aliada Group Inc., a British Virgin Islands-based company and member of the Intellexa Consortium that has facilitated tens of millions of dollars of transactions

Thalestris Limited has been involved in processing transactions on behalf of other entities within the Intellexa Consortium, the Treasury said, adding that Aliada Group is directed by Tal Jonathan Dilian, the founder of the Intellexa Consortium.

The department described the consortium as a "complex international web of decentralized companies that built and commercialized a comprehensive suite of highly invasive spyware products."

The development comes a little over six months after the Treasury sanctioned Dilian, Sara Aleksandra Fayssal Hamou, and five other entities, including Intellexa S.A., on similar grounds.

It also follows a resurgence of Predator spyware activity after a period of relative silence by likely customers in Angola, the Democratic Republic of the Congo (DRC), and Saudi Arabia using new infrastructure that's designed to evade detection.


"The latest evolution of Predator infrastructure includes an additional tier in its delivery infrastructure to improve customer anonymization and enhanced operational security in its server configurations and associated domains," Recorded Future said.

"Although Predator spyware operators have changed significant aspects of their infrastructure setup, including changes that make country-specific attribution more challenging, they have largely retained their mode of operation."

It also follows Apple's decision to file a motion to dismiss its lawsuit against NSO Group, on the grounds that court disclosures could endanger its efforts to combat spyware, that steps are being taken to avoid sharing information related to the Pegasus spyware, and that the impact could be diluted as a result of an expanding spyware market with new emerging players.

