The US government has banned European commercial spyware makers Intellexa and Cytrox, citing risks to US national security and foreign policy interests.
Commerce Department’s Bureau of Industry and Security (BIS) added four business entities to its list of entities: Intellexa SA from Greece, Intellexa Limited from Ireland, Cytrox Holdings Zrt from Hungary and Cytrox AD from North Macedonia.
The move was prompted by the four companies’ involvement in trafficking cyber exploits used to gain unauthorized access to the devices of high-risk individuals around the world, threatening their security and privacy.
According to the US State Department, the deployment of these surveillance tools on a global scale was intended to intimidate political opponents, suppress dissent, restrict freedom of expression and monitor the activity of journalists and activists, thus maintaining a climate of repression and human rights violations.
“The proliferation of commercial spyware poses distinct and growing counterintelligence and security risks to the United States, including to the safety and security of U.S. government personnel and their families,” the U.S. Department of State said. said in a press release on Tuesday.
“The misuse of these tools globally has also facilitated repression and enabled human rights abuses, including to intimidate political opponents and curb dissent, limit freedom of expression, and monitor and target activists and journalists.”
Google’s Threat Analysis Group (TAG) linked the Cytrox in May 2022 with multiple zero-day vulnerabilities used to deploy Predator spyware on Android devices.
“We assess with great confidence that these exploits were packaged by a single commercial surveillance company, Cytrox, and sold to various government-backed actors who used them in at least the three campaigns described below,” said Clément Lecigne and Christian Resell, members of Google TAG at the time.
In the same month, Intellexa was labeled as the creator of Android Predator spyware and its Alien Charger by security researchers from Cisco Talos and Citizen Lab.
The inclusion of these spyware entities in the Entity List builds on previous regulatory actions taken by the US government to address the risks associated with commercial spyware businesses.
It is consistent with previous initiatives, including a Biden Administration Executive Order issued in March prohibiting the government’s use of commercial spyware posing national security risks.
Administrator Biden also released a set of guiding principles for government use of surveillance technologies as part of a joint effort with a group of 36 other governments (known as the Freedom Online Coalition) to prevent its misuse to enable human rights abuses.
The United States Department of Commerce sanctioned four other companies from Israel, Russia and Singapore in November 2021 due to their involvement in developing spyware or selling hacking tools employed by state-sponsored hacking collectives.
Israeli spyware manufacturers NSO Group And Candiru were banned for creating and selling spyware used to target activists and journalists, while Positive Technologies in Russia and Computer Security Initiative Consultancy (CSIS) in Singapore were sanctioned for trafficking hacking tools and exploits.
Positive Technologies was also sanctioned in April 2021 following allegations that he helped Russia’s Federal Security Service (FSB) carry out cyberattacks targeting US interests.
“This rule reaffirms the protection of human rights worldwide as a core interest of U.S. foreign policy. The Entity List remains a powerful tool in our arsenal to prevent bad actors around the world from using U.S. technology to further their nefarious goals,” said Assistant Secretary of Commerce Don Grave.