US sanctions Intellexa consortium entities in Hungary and North Macedonia for spyware development

US sanctions Intellexa consortium entities in Hungary and North Macedonia for spyware development
OFAC says companies in Hungary and North Macedonia sanctioned for developing Intellexa's Predator spyware. / bne IntelliNews
By bne IntelliNews March 6, 2024

The US Department of the Treasury’s Office of Foreign Assets Control (OFAC) said on March 5 it imposed sanctions on five companies associated with the Intellexa Consortium, a developer and distributor of spyware software, including entities from North Macedonia and Hungary.

Among the targeted entities are Cytrox AD from North Macedonia and Cytrox Holding from Hungary, along with Greek company Intellexa S.A., as well as Intellexa Limited and Thalestris Limited from Ireland. Additionally, two individuals linked to the consortium have also been placed under sanctions.

The sanctions were imposed due to the consortium's role in developing, operating, and distributing commercial spyware technology that has been used to target Americans, including US government officials, journalists, and policy experts.

The proliferation of such commercial spyware presents a growing security risk to the United States and has been exploited by foreign actors for human rights abuses and the targeting of dissidents worldwide.

Under Secretary of the Treasury for Terrorism and Financial Intelligence Brian E. Nelson stressed the importance of the sanctions, stating:"Today’s actions represent a tangible step forward in discouraging the misuse of commercial surveillance tools, which increasingly present a security risk to the United States and our citizens."

He mentioned the US commitment to establishing clear guidelines for the responsible development and use of such technologies while safeguarding human rights and civil liberties globally.

Since its establishment in 2019, the Intellexa Consortium has acted as a marketing label for various offensive cyber companies offering commercial spyware and surveillance tools.

The flagship product, known as the Predator spyware suite, is capable of infiltrating electronic devices through zero-click attacks, requiring no user interaction for infection. This software has been deployed by foreign actors in covert surveillance campaigns targeting US government officials, journalists, and policy experts.

The Predator spyware, once successfully installed, allows operators to access sensitive information, including contacts, call logs, messaging data, microphone recordings, and media from the infected device.

As a result of the sanctions, all property and interests in property of the designated entities and individuals within the United States or under the control of US persons are now blocked and must be reported to OFAC. Furthermore, any entities owned 50% or more by the sanctioned individuals or companies are also subject to the same restrictions.

Cytrox AD, situated in North Macedonia was the developer of the consortium's Predator spyware. Meanwhile, Cytrox Holdings ZRT based in Hungary, is another entity within the Intellexa Consortium which was initially responsible for developing the Predator spyware, with production subsequently shifting to North Macedonia’s unit.