The US Commerce Department added two Europe-based spyware companies to its technology export blacklist on Tuesday for developing surveillance tools deemed to have threatened US national security as well as the privacy and integrity of individuals and organisations worldwide.
Such tools are regularly used for political repression and other human rights abuses, including for spying on journalists and intimidating political dissidents.
The sanctioned companies are in Greece-based Intellexa SA, Hungary-based Cytrox and related entities in Ireland and Macedonia. Intellexa and Cytrox have been linked to Predator spyware, whose reported use in Greece helped precipitate the resignation last year of two top government officials, including the national intelligence director.
Commercial spyware firms already on the Commerce Department’s so-called Entity List — essentially making it illegal for US companies to do business with them — include Israel’s NSO Group, maker of the much better known Pegasus spyware. It was added in November 2021. The exact business relationship between Intellexa and Cytrox is unclear and the Commerce Department did not specify it.
This follows a White House executive order in March that deemed the unchecked proliferation of mercenary spyware a threat to national security. Dozens of US government employees were found to have been targeted with Pegasus. In December 2021, digital sleuths at the University of Toronto’s Citizen Lab discovered Predator spyware on the iPhone of a leading exiled Egyptian dissident. In a joint probe with Facebook,Citizen Lab discovered that Cytrox had customers in countries including Armenia, Greece, Indonesia, Madagascar, Oman, Saudi Arabia and Serbia.
