U.S. Government Adds Cytrox and Intellexa to Economic Blocklist for Cyber Espionage

In a recent announcement, the U.S. government has blacklisted two foreign spyware vendors, Cytrox and Intellexa, due to their involvement in cyber espionage activities. These vendors have been accused of exploiting cyber vulnerabilities to gain unauthorized access to devices, posing a significant threat to the privacy and security of individuals and organizations globally.

The economic blocklist includes the corporate holdings of these companies in Hungary (Cytrox Holdings Crt), North Macedonia (Cytrox AD), Greece (Intellexa S.A.), and Ireland (Intellexa Limited). By imposing these restrictions, U.S. companies are prohibited from engaging in any transactions with these entities.

The Bureau of Industry and Security (BIS) stated that this action by the Commerce Department acknowledges the increasing role of surveillance technology in facilitating repression and human rights abuses. The objective is to limit these entities’ access to commodities, software, and technology that could be misused for surveillance purposes, leading to violations of human rights.

Cytrox is known for developing a mobile spyware named Predator, which is comparable to NSO Group’s Pegasus. The University of Toronto’s Citizen Lab identified Cytrox as part of the Intellexa Alliance, a consortium of surveillance vendors that emerged in 2019. The exact relationship between Cytrox and Intellexa remains somewhat unclear.

Intellexa, founded by Tal Dilian, describes itself as an intelligence expert with extensive experience in the Israel Defense Forces (IDF) spanning over 25 years. The company claims to be a regulated entity with multiple sites and research and development labs across Europe. Its flagship product, Nebula, is promoted as the “ultimate insights platform” aimed at assisting law enforcement in combating criminal activities.

According to the New York Times, Tal Dilian was compelled to retire from the IDF in 2003 following an internal investigation into suspicions of funds mismanagement. However, his website states that he retired with honors in 2002.

Earlier this year, Cisco Talos provided insights into the inner workings of Predator, highlighting the spyware’s use of a component called Alien to extract sensitive data from compromised devices. Predator also has an iOS counterpart that was previously observed being distributed through single-click links sent via WhatsApp.

The U.S. government’s decision builds upon previous actions taken in November 2021 when Israeli companies NSO Group and Candiru were added to the Entity List for developing software used to target individuals such as government officials, journalists, activists, and businesspeople.

This development coincides with an executive order signed by the Biden administration, which places restrictions on the use of commercial spyware by federal government agencies.

While these digital surveillance tools have been marketed to law enforcement and intelligence agencies worldwide as means to combat serious crimes and national security threats, they have often been misused by governments to covertly infiltrate the smartphones of individuals within civil society.