It includes corporate holdings of companies in Hungary (Citrox Holdings CRT), North Macedonia (Citrox AD), Greece (Intelexa S.A.), and Ireland (Intelexa Ltd.). Adding to the economic sanctions list, it bars US companies from transacting with these businesses.
“Recognizing the increasingly important role of surveillance technology in enabling campaigns of repression and other human rights abuses, the Department of Commerce’s action today targets the ability of these entities to access the goods, software and technology that have contributed to the development of surveillance tools.” The Bureau of Industry and Security (BIS) said, “There is a risk of abuse in human rights violations or abuses.”
Citrix is the creator of a mobile mercenary spyware called Predator that is analogous to NSO Group’s Pegasus. According to the University of Toronto’s Citizen Lab, it is part of the marketing label for a consortium of so-called mercenary surveillance vendors called the Intellexa Alliance, which emerged in 2019.
The alliance reportedly includes Nexa Technologies (formerly Emesis), Wispire/Passitora Ltd., Citrox and Senpai, the exact relationship between Citrox and Intellexa remains unclear to this day.
Intelexa founder Tal Dillion describes himself as an intelligence specialist with over 25 years of experience in the Israel Defense Forces (IDF). Intellexa states on its website that it is a regulated company with six sites and R&D laboratories across Europe. Its main offering is Nebula, which is billed as the “ultimate insights platform” to help law enforcement “stay ahead of criminal activity.”
According to the New York Times, Dillion was forced to retire from the IDF in 2003 after an internal investigation, citing three former senior Israeli military officers, suspected him of involvement in mismanagement of funds. On the other hand, his website claims that he “retired with honor from the military” in 2002.
Earlier this May, Cisco Talos detailed the inner workings of Predator, noting its use of a component monitoring tool called Alien to obtain sensitive data from compromised devices. Predator also has an iOS counterpart that was previously distributed using single-click links sent via WhatsApp.
“Alien is critical to the successful functioning of Predator, including additional components loaded by Predator on demand,” Ashish Malhotra, a threat researcher at Cisco Talos, told The Hacker News at the time. “The relationship between the alien and the Predator is highly symbiotic, requiring them to constantly work together to spy on victims.”
The move builds on US action in November 2021, when the US government added Israeli companies NSO Group and Candiru to the entity list for developing software to target government officials, journalists, businessmen, activists, academics and embassy staff Was.
The development comes as the Biden administration signed an executive order that bans the use of commercial spyware by federal government agencies.
While vendors of such digital surveillance tools market them to law enforcement and intelligence agencies across the world to combat serious crimes and national security threats, they have also been used by various governments to infiltrate targeted smartphones of members of civil society goes.
