That action serves as a “strong signal” to entities that use commercial spyware, as well as the surveillance industry on the whole, a senior administration official said.
“This is also an opportunity for private investors to consider the risk” and reevaluate whether to invest and support “such commercial spyware companies whose business practices threaten the security and safety of technology used by citizens around the world, not just here in the United States,” the official added.
The companies added to the entity list include Intellexa S.A. in Greece, Cytrox Holdings Crt in Hungary, Intellexa Limited in Ireland, and Cytrox AD in North Macedonia. They are being penalized for “trafficking in cyber exploits used to gain access to information systems, threatening the privacy and security of individuals and organizations worldwide,” according to an update in the Federal Register.
The move builds on U.S. actions in November 2021, when the Israeli spyware company NSO Group was added to the federal blacklist when it was determined its phone-hacking tool was used by foreign governments to target government officials, academics, journalists and others. Hanan Elatr, the wife of slain Washington Post columnist Jamal Khashoggi, sued NSO Grouo last month alleging the group infected her phone with its spyware to track her late husband.
Cytrox was founded in 2017, according to the technology investment platform Pitchbook. A 2021 Citizen Lab report described it as part of Intellexa, although the exact nature of the relationship between the two companies is “murky at best.”
Intellexa was formed as a sort of “Star Alliance of Spyware” to compete with NSO Group, according to the Citizen Lab report. Its founder, Tal Dilian, is a former Israeli intelligence officer and entrepreneur.
Cytrox software was used to hack into the phones of an exiled Egyptian politician and a prominent Egyptian news reporter. The report found that one of the two victims’ phones was simultaneously infected with the NSO Group’s Pegasus software and Cytrox’s own spyware, which is called Predator.
“The targeting of a single individual with both Pegasus and Predator underscores that the practice of hacking civil society transcends any specific mercenary spyware company,” according to Citizen Lab. “Instead, it is a pattern that we expect will persist as long as autocratic governments are able to obtain sophisticated hacking technology.”
The report’s authors identified an IP address from Saudi Arabia as a possible Predator customer. This, taken together with media reports to the effect that Saudi Arabia cut off NSO Group as a client, “may be an indication that Saudi Arabia has switched from Pegasus to Predator,” the report said.
The White House has previously stated that foreign governments have used spyware to maliciously target U.S. personnel. After the March executive order, officials said that 50 U.S. government workers appear to or were confirmed to have been hacked by commercial malware tools.
The action also comes on the heels of a pledge made by the U.S. and allied nations in March to develop and implement measures aimed at countering commercial spyware abuses.
Source link