The United States leveled new sanctions against an international group of alleged senior figures from spyware group Intellexa, marking the second time the consortium has been targeted for the threat posed by its so-called “Predator” software.
The U.S. Treasury’s Office of Foreign Assets Control announced the sanctions on Monday, naming five people and one offshore company that allegedly played a role in “developing, operating, and distributing commercial spyware technology that presents a significant threat to the national security of the United States.”
The Intellexa consortium is a complex network of companies that has sold spyware technology to several repressive regimes, including a paramilitary group in Sudan and the Egyptian intelligence services. It was embroiled in a scandal in Greece after its Predator spyware was found to have infected the phones of businessmen, politicians, and journalists in that country.
In November 2023, ICIJ’s Cyprus Confidential investigation revealed how Intellexa’s founder, former Israeli military intelligence officer Tal Dilian, and his former partner Sara Hamou used Cyprus as a business hub for their commercial spyware enterprise.
The 3.6 million leaked files at the heart of the Cyprus Confidential investigation come from six financial services providers and a website company.
The providers are: ConnectedSky, Cypcodirect, DJC Accountants, Kallias & Associates, MeritKapital, and MeritServus in Cyprus. The MeritServus and MeritKapital records were obtained by Distributed Denial of Secrets. Leaked records from Cypcodirect, ConnectedSky and i-Cyprus were obtained by Paper Trail Media. In the case of Kallias & Associates, the documents were obtained from Distributed Denial of Secrets, which shared them with Paper Trail Media and ICIJ. DJC Accountants’ records were obtained by Distributed Denial of Secrets and shared by the Organized Crime and Corruption Reporting Project. The partner organizations shared all the leaked records in the project with ICIJ, which structured, stored and translated them from several languages before sharing them with journalists from around the world. Additional records came from Latvia-based Dataset SIA, which maintains the i-Cyprus website, through which it sells information about Cyprus companies, including Cyprus corporate registry documents.
In March, Dilian and Hamou were both sanctioned by the United States for their roles in developing spyware used to target Americans. The Treasury Department described Dilian as “the architect behind [Intellexa’s] spyware tools,” and Hamou as “a corporate off-shoring specialist.”
This week’s sanctions target five individuals who the U.S. government alleges are senior officials within the Intellexa consortium: Felix Bitzios, Andrea Gambazzi, Merom Harpaz, Panagiota Karaoli and Artemis Artemiou. A British Virgin Islands-based company, the Aliada Group, was also sanctioned for allegedly enabling tens of millions of dollars of transactions involving the spyware group.
According to the sanctions listing, Bitzios and Gambazzi are owners of companies that are part of the Intellexa consortium. Harpaz and Artemiou are described as managers of an Intellexa affiliate in Greece. Karaoli is a Cyprus-based corporate incorporation specialist who has served as the director of multiple Intellexa-affiliated companies, as well as other companies.
In addition to the two rounds of sanctions on individuals and entities associated with Intellexa, the U.S. government has put it on a U.S. export blacklist and targeted those who misuse commercial spyware with visa bans.
In the wake of the U.S. sanctions this week, a number of privacy and anti-spyware advocates took to social media to criticize the European Union for failing to take similar steps against commercial spyware firms.
“Maybe the US should then also sanction the Member State governments, the EU Commission and EUCO,” wrote Sophie in ‘t Veld, the former chair of an EU committee to investigate spyware abuses, in a tongue-in-cheek post on social media platform X. “They are the enablers in chief of the abuse of, and illicit trade in #spyware, giving #Intellexa tax breaks, government contracts and export licenses.”
