The US government on Tuesday added two foreign commercial spyware vendors, Cytrox and Intellexa, to its economic block list for weaponizing cyber exploits to gain unauthorized access to devices and “threaten the privacy and security of individuals and organizations around the world.”
The listing covers the companies' corporate holdings in Hungary (Cytrox Holdings Crt), North Macedonia (Cytrox AD), Greece (Intellexa SA), and Ireland (Intellexa Limited). Adding them to the list prohibits US companies from transacting with these businesses.
“Recognizing the growing importance of surveillance technology in enabling campaigns of repression and other human rights violations, the Department of Commerce’s action today targets these entities’ ability to access commodities, software, and technology that may contribute to the development of surveillance tools that pose a risk of abuse in violations or abuse of human rights,” the Bureau of Industry and Security (BIS) said.
Cytrox is the maker of a mobile mercenary spyware called Predator, which is similar to NSO Group’s Pegasus. It is part of the so-called Intellexa Alliance, a marketing label for a consortium of mercenary surveillance vendors that emerged in 2019, according to the University of Toronto’s Citizen Lab.
The alliance is said to consist of Nexa Technologies (formerly Amesys), WiSpear/Passitora Ltd., Cytrox, and Senpai, with the precise connections between Cytrox and Intellexa still unclear today.
Tal Dilian, founder of Intellexa, describes himself as an intelligence expert with over 25 years of experience in the Israel Defense Forces (IDF). Intellexa, on its website, says it is a regulated company with six locations and R&D labs across Europe. Its main offering is Nebula, which it bills as the “ultimate insights platform” to help law enforcement “stay ahead of criminal activity”.
According to the New York Times, which cited three former senior officers in the Israeli military, Dilian was forced to retire from the IDF in 2003 after an internal investigation raised suspicions that he had been involved in the mismanagement of funds. His website, on the other hand, claims he “retired from the military with honors” in 2002.
Earlier this May, Cisco Talos detailed the inner workings of Predator, noting the surveillance tool’s use of a component called Alien to extract sensitive data from compromised devices. Predator also has an iOS counterpart, which was previously observed being delivered via one-click links sent over WhatsApp.
“Alien is critical to the successful functioning of Predator, including additional components loaded by Predator on demand,” Asheer Malhotra, threat researcher for Cisco Talos, told The Hacker News at the time. “The relationship between Alien and Predator is highly symbiotic, requiring them to constantly work together to spy on the victim.”
The move builds on US actions in November 2021, when the US government added Israeli companies NSO Group and Candiru to the Entity List for developing software to target government officials, journalists, business people, activists, academics and embassy workers.
The development also comes as the Biden administration signs an executive order restricting the use of commercial spyware by federal government agencies.
While purveyors of such digital surveillance tools ostensibly market them to law enforcement and intelligence agencies around the world to combat serious crime and threats to national security, the tools have also been repeatedly abused by governments to surreptitiously infiltrate the smartphones of members of civil society.