
The U.S. government on Tuesday added two foreign commercial spyware vendors, Cytrox and Intellexa, to an economic block list, accusing them of using cyber exploits to gain unauthorized access to devices and “threatening the privacy and security of individuals and organizations around the world.”
This includes the companies’ corporate holdings in Hungary (Cytrox Holdings Crt), North Macedonia (Cytrox AD), Greece (Intellexa SA) and Ireland (Intellexa Limited). Adding them to the economic denial list prohibits U.S. companies from doing business with these firms.
“Recognizing that surveillance technology is playing an increasingly important role in enabling campaigns of repression and other human rights violations, today’s action by the Department of Commerce targets the ability of these organizations to access commodities, software and technology that could contribute to the development of surveillance tools that pose a risk of misuse in violations or abuses of human rights,” said the Bureau of Industry and Security (BIS).
Cytrox is the maker of a mobile mercenary spyware called Predator, similar to NSO Group’s Pegasus. It’s part of what’s called the Intellexa Alliance, a marketing label for a consortium of mercenary surveillance vendors founded in 2019, according to Citizen Lab at the University of Toronto.
The alliance is said to consist of Nexa Technologies (formerly Amesys), WiSpear/Passitora Ltd., Cytrox and Senpai, although the exact relationship between Cytrox and Intellexa remains unclear to date.
Intellexa founder Tal Dilian describes himself as an intelligence professional with more than 25 years of experience in the Israel Defense Forces (IDF). Intellexa says on its website that it is a regulated company with six sites and R&D labs across Europe. Its flagship product is Nebula, which is touted as the “ultimate insight platform” to help law enforcement “stay ahead of criminal activity.”
Dilian was forced to retire from the IDF in 2003 after an internal investigation revealed allegations of mismanagement of funds, The New York Times reported, citing three former Israeli military officials. His website, meanwhile, states that he “retired from the military with honors” in 2002.
Earlier this May, Cisco Talos detailed the inner workings of Predator, noting that the monitoring tool uses a component called Alien to collect sensitive data from compromised devices. Predator also has an iOS version that was previously observed to be delivered using a single-click link sent via WhatsApp.
Asheer Malhotra, a threat researcher at Cisco Talos, told The Hacker News at the time, “Alien is essential for Predator to function properly, including additional components that Predator loads on demand. The relationship between Alien and Predator is highly symbiotic and requires continuous cooperation to monitor victims.”
The move follows a similar action in November 2021, when the U.S. government added Israeli companies NSO Group and Candiru to its list of entities for developing software aimed at government officials, journalists, businessmen, activists, academics and embassy officials.
The move comes as the Biden administration signed an executive order restricting the use of commercial spyware by federal agencies.
Providers of such digital surveillance tools ostensibly sell them to law enforcement and intelligence agencies around the world to combat serious crimes and national security threats, but the tools have been repeatedly exploited by various governments to covertly infiltrate targeted smartphones owned by members of civil society.