Intellexa and Cytrox: from the “cyber-espionage star alliance” to the US blacklist
How does President Biden deal with foreign spies?
Administration of US President Joe Biden contributed foreign companies Intellexa and Cytrox in the “list of entities”, with which trading relations are strictly limited for US firms. This decision is based on the national security threat and US foreign policy posed by the organizations. Intellexa and Cytrox are known to develop spyware.
Thus, Biden continued to fight the spread and abuse of cyber espionage. In March, the president signed an executive order restricting the use of spyware by US agencies and banning its use, especially if there is a risk of foreign interference.
Last year, a case was recorded when the phone of the wife of the murdered Saudi journalist Jamal Khashoggi was infected with the NSO Group program. A recent report indicates that Saudi Arabia has now likely switched from Pegasus NSO Group to Predator Cytrox software.
The list of undesirable organizations also includes Intellexa SA (Greece), Cytrox Holdings Crt (Hungary), Intellexa Limited (Ireland) and Cytrox AD (North Macedonia). They are accused of “trafficking in cyberexploits used to access information systems”, which threatens the privacy and security of citizens and organizations around the world.
According to report Citizen Lab 2021, Intellexa began life as a kind of “cyber-espionage star alliance” and was supposed to compete with the NSO Group. The founder of the company is Tal Dilian, a former Israeli intelligence officer and entrepreneur.
Cytrox, founded in 2017, was mentioned in the report as part of Intellexa, although the relationship between the companies remains hazy. Cytrox software, for example, was used to hack the phones of Egyptian politician Ayman Nur and a well-known reporter. The report indicates that Nur’s phone was infected simultaneously with the Pegasus program from NSO Group and Cytrox.
“The attack on one person using both Pegasus and Predator highlights that the practice of hacking citizens goes beyond the specific spyware companies,” Citizen Lab notes. “Most likely, this scheme will work as long as authoritarian states acquire modern technologies for hacking.”
The White House has already said that foreign governments are abusing spyware against US employees. After the decree signed in March, it became known that the devices of 50 members of the US government were likely hacked using commercial malware distribution tools.