Two more foreign spyware firms blacklisted by US

The Commerce Department announced Tuesday that it has blacklisted two manufacturers of spyware, including the company behind Predator, which has been used to spy on journalists, politicians and even a Meta employee.

The agency’s Bureau of Industry and Security (BIS) added the Greece and Ireland-based Intellexa and the Hungary- and North Macedonia-based Cytrox AD to its Entity List, which identifies companies and other organizations or individuals believed to threaten the national security or foreign policy interests of the United States.

Intellexa and Cytrox, which makes Predator, were added to the list because of their “trafficking in cyber exploits used to gain access to information systems, threatening the privacy and security of individuals and organizations worldwide,” the Commerce Department said in a press release.

Once on the Entity List, companies expecting to do business in the U.S. must comply with strict licensing requirements and other rules to ensure better oversight of their operations. Intellexa and Cytrox will now have difficulty accessing commodities, software, and technology that helps them develop their surveillance tools, the agency said in a press release.

Predator was deployed against Meta security policy manager Artemis Seaford in 2021 at the behest of Greece’s national intelligence agency, as reported by The New York Times. Seaford’s work for Meta focused on cybersecurity policy issues and she was in frequent contact with European political officials, the Times reported.

The Israeli spyware companies NSO Group and Candiru were previously added to the Commerce Department’s entity list in November 2021.

“We remain laser focused on stemming the proliferation of digital tools for repression,” Alan Estevez, undersecretary of Commerce for industry and security, said in a prepared statement. “Considering the impact of surveillance tools and other technologies on international human rights, I am pleased to announce these additions to our Entity List.”

The Commerce Department noted that commercial surveillance tools have been used to repress dissidents and fuel human rights abuses. For example, the United Arab Emirates imprisoned human rights activist Ahmed Mansoor in 2017, holding him in isolation. NSO-produced Pegasus spyware was detected on Mansoor’s phone in 2016, immediately preceding his jailing.

In March President Biden issued an executive order barring U.S. departments and agencies from “operationally using commercial spyware tools that pose significant counterintelligence or security risks to the U.S. Government or significant risks of improper use by a foreign government or foreign person.”