The U.S. Treasury Department has imposed new sanctions against five executives and one entity associated with the Intellexa Consortium for their involvement in the development, operation, and distribution of the commercial spyware “Predator.”
“The United States will not tolerate the reckless spread of disruptive technologies that threaten our national security and undermine our citizens’ privacy and civil rights,” said Acting Under Secretary of the Treasury for Counterterrorism and Financial Intelligence Bradley T. Smith.
“We will continue to hold accountable those who permit the proliferation of exploitative technologies, and encourage their responsible development in line with international standards.”
The individuals and entities sanctioned are:
- Felix Bitzios is the beneficial owner of Intelexa Consortium Ltd, which allegedly supplied Predator to foreign government clients, and is manager of Intelexa SA.
- Andrea Nicola Costantino Hermes Gambazzi, beneficial owner of Thalestris Limited and Intellexa Limited, members of the Intellexa Consortium
- Merom Harpaz, Chief Executive Officer of the Intellexa Consortium and Manager of Intellexa SA;
- Panagiota Karaoli, a director of several Intelexa consortia controlled or owned by Talestris Limited
- Artemis Artemiu, an employee of Intellexa SA and general manager and director of Cytrox Holdings, another member of the Intellexa consortium;
- Alida Group, based in the British Virgin Islands, is a member of the Intelexa Consortium and has facilitated transactions worth tens of millions of dollars.
Treasury said Talestris Limited had been involved in processing the transactions on behalf of other entities in the Intelexa Consortium, adding that the Aliada Group was led by Intelexa Consortium founder Tal Jonathan Dillian.
The department described the consortium as “a complex international network of distributed companies that have built and commercialized a comprehensive suite of highly intrusive spyware products.”
The move comes just over six months after the Treasury imposed sanctions on five other companies, including Dirian, Sarah Alexandra Faisal Hamou and Intelexa SA, for similar reasons.
It also follows a resurgence of Predator spyware activity after a period of relative quiet, with potential customers in Angola, the Democratic Republic of Congo (DRC) and Saudi Arabia using new infrastructure designed to evade detection.
“The latest evolution of the Predator infrastructure includes additional layers to its delivery infrastructure to improve customer anonymity and enhance the operational security of its server configurations and associated domains,” Recorded Future said.
“The operators of the Predator spyware have altered key aspects of their infrastructure configuration, including changes that make country attribution more difficult, but have largely maintained their mode of operation.”
This also follows Apple’s decision to file a motion to dismiss the lawsuit against NSO Group on the grounds that disclosure in court could jeopardize anti-spyware efforts, that steps have been taken to avoid sharing information related to the Pegasus spyware, and that its influence could be diluted as a result of the expansion of the spyware market due to the emergence of new spyware players.
