US imposes sanctions on Intellexa spyware vendor
OFAC designates Intellexa Consortium entities for spyware, targeting US officials. Actions address security threats and global human rights abuses.
The Department of the Treasury’s Office of Foreign Assets Control (OFAC) has sanctioned two individuals and five entities linked to Intellexa spyware vendor for their involvement in creating, operating, and disseminating commercial spyware technology. Namely, the sanctions target Intellexa Consortium, encompassing Greece’s Intellexa S.A., an exporter of spyware to authoritarian regimes; Ireland’s Intellexa Limited, a consortium reseller; North Macedonia’s Cytrox AD; Hungary’s Cytrox Holdings ZRT, creator of Predator spyware; and Ireland’s Thalestris Limited.
According to OFAC, the spyware vendor has been used to target Americans, including US government officials, journalists, and policy experts, presenting increasing security threats to the USA. The OFAC adds that the spyware has been used to exploit and facilitate human rights abuses globally, particularly against dissidents. OFAC’s action aims to address these concerns and mitigate the misuse of commercial spyware for repression and reprisal.
What do these sanctions mean?
According to OFAC, the designated individuals and entities face asset freezes in the USA. Controlled by US individuals, their properties or interests within the country are blocked and must be reported to the OFAC. Furthermore, entities majority-owned by blocked persons are also subjected to blocking. OFAC’s regulations prohibit US persons from engaging in transactions involving the assets of these designated individuals unless authorized by a license or exempt. Financial institutions dealing with sanctioned entities risk sanctions or enforcement actions. Contributions, fund transfers, and services involving or benefiting designated persons are strictly prohibited, emphasizing the stringent measures to curb their activities and protect national security and economic interests.
Why does it matter?
While the US has imposed sanctions earlier against cybercriminals and ransomware actors, this is the first time the government has targeted individuals and entities for the misuse of commercial spyware. Therefore, this establishes a new policy development for the US on the matter. Despite the absence of specific legislation, it sets a precedent for the country’s policy.