{
	"id": "8f859fdf-6d2c-4790-b0f2-281e3185bd4f",
	"created_at": "2026-04-06T00:16:00.72482Z",
	"updated_at": "2026-04-10T13:12:09.073062Z",
	"deleted_at": null,
	"sha1_hash": "7e838f582b776cc870c06c59e84ef9902d3f6f6d",
	"title": "US cracks down on spyware vendor Intellexa with more sanctions",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 2153270,
	"plain_text": "US cracks down on spyware vendor Intellexa with more sanctions\r\nBy Sergiu Gatlan\r\nPublished: 2024-09-16 · Archived: 2026-04-05 17:00:45 UTC\r\nImage: Midjourney\r\nToday, the U.S. Department of the Treasury has sanctioned five executives and one entity linked to the Intellexa Consortium\r\nfor developing and distributing Predator commercial spyware.\r\nIntellexa Consortium is a network of decentralized companies that developed and sold highly intrusive spyware products\r\nmarketed under the \"Predator\" brand.\r\nPredator spyware has allowed Intellexa customers worldwide — mostly state-sponsored actors and governments — to\r\naccess sensitive information on victims' smartphones, including photos, geolocation data, personal messages, and\r\nmicrophone records in one-click or zero-click attacks.\r\nhttps://www.bleepingcomputer.com/news/security/us-cracks-down-on-spyware-vendor-intellexa-with-more-sanctions/\r\nPage 1 of 4\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/us-cracks-down-on-spyware-vendor-intellexa-with-more-sanctions/\r\nPage 2 of 4\n\nVisit Advertiser websiteGO TO PAGE\r\nIntellexa spyware tools have been used to target government officials, journalists, policy experts, tech executives, and\r\nopposition politicians in campaigns to intimidate political adversaries, restrict freedom of speech, suppress dissent, and\r\nmonitor journalists' activities worldwide and in the United States.\r\nIn March, Google subsidiary Mandiant and Google's Threat Analysis Group (TAG) revealed that commercial surveillance\r\nvendors have been behind 50% of all zero-day exploits used to target Google products and Android devices in 2023.\r\nNew sanctions announced Monday include:\r\nFelix Bitzios, the manager of Intellexa S.A. and the owner of an Intellexa Consortium company that supplied a\r\nforeign government client with Predator spyware,\r\nAndrea Nicola Constantino Hermes Gambazzi is the beneficial owner of Thalestris Limited and Intellexa Limited,\r\nmembers of the Intellexa Consortium,\r\nMerom Harpaz, a manager of Intellexa S.A and an Intellexa Consortium top executive,\r\nPanagiota Karaol, the director of multiple Intellexa Consortium entities,\r\nArtemis Artemiou, the general manager and member of the board of Cytrox Holdings (a member of the Intellexa\r\nConsortium),\r\nAnd Aliada GroupInc, a British Virgin Islands company and an Intellexa Consortium member that has enabled tens\r\nof millions of dollars of transactions involving the spyware network\r\n\"The United States will not tolerate the misuse of technologies that undermine Americans’ national security or that of our\r\nallies, nor will we tolerate the misuse of technologies to perpetrate human rights abuses or undermine freedom of\r\nexpression,\" said State Department spokesperson Matthew Miller.\r\n\"Today, we are imposing sanctions on five individuals and one entity associated with the Intellexa Consortium for their role\r\nin developing, operating, and distributing commercial spyware technology misused to target Americans, including U.S.\r\nGovernment officials, journalists, and policy experts.\"\r\nThis commercial spyware network of entities was founded by Tal Jonathan Dilian (Dilian), sanctioned by the Treasury's\r\nOffice of Foreign Assets Control (OFAC) in March, together with five entities, including Cytrox AD (North Macedonia),\r\nCytrox Holdings ZRT (Hungary), Intellexa Limited (Ireland), Intellexa S.A. (Greece), and Thalestris Limited (Ireland).\r\nEarlier this year, the State Department announced a new visa restriction policy that would allow banning those linked to\r\ncommercial spyware from entering the United States, subsequently used to prohibit the entry of 13 individuals linked to\r\ncommercial spyware operations (and their close families).\r\nIn July 2023, the Department of Commerce added Intellexa commercial spyware vendors to its Entity List, citing risks to\r\nU.S. national security and foreign policy interests. The U.S. Commerce Department also sanctioned four other companies\r\nfrom Israel, Russia, and Singapore (including Israeli spyware makers NSO Group and Candiru) in November 2021) for their\r\ninvolvement in developing spyware or selling hacking tools used by state-sponsored hacking groups.\r\nIndividuals and entities listed on OFAC's Specially Designated Nationals (SDN) List face significant legal and financial\r\nconsequences. Their inclusion means all U.S.-based assets linked to them are frozen, and U.S.-based individuals and\r\ncompanies are prohibited from engaging in any transactions with them, under the risk of severe penalties and imprisonment.\r\nhttps://www.bleepingcomputer.com/news/security/us-cracks-down-on-spyware-vendor-intellexa-with-more-sanctions/\r\nPage 3 of 4\n\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/us-cracks-down-on-spyware-vendor-intellexa-with-more-sanctions/\r\nhttps://www.bleepingcomputer.com/news/security/us-cracks-down-on-spyware-vendor-intellexa-with-more-sanctions/\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/us-cracks-down-on-spyware-vendor-intellexa-with-more-sanctions/"
	],
	"report_names": [
		"us-cracks-down-on-spyware-vendor-intellexa-with-more-sanctions"
	],
	"threat_actors": [
		{
			"id": "38f8da87-b4ba-474b-83e6-5b04d8fb384b",
			"created_at": "2024-02-02T02:00:04.032871Z",
			"updated_at": "2026-04-10T02:00:03.532955Z",
			"deleted_at": null,
			"main_name": "Caramel Tsunami",
			"aliases": [
				"SOURGUM",
				"Candiru"
			],
			"source_name": "MISPGALAXY:Caramel Tsunami",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775434560,
	"ts_updated_at": 1775826729,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/7e838f582b776cc870c06c59e84ef9902d3f6f6d.pdf",
		"text": "https://archive.orkl.eu/7e838f582b776cc870c06c59e84ef9902d3f6f6d.txt",
		"img": "https://archive.orkl.eu/7e838f582b776cc870c06c59e84ef9902d3f6f6d.jpg"
	}
}