Advertisement
Subscribe to our daily newsletter.
Subscribe

Treasury removes Intellexa spyware-linked trio from sanctions list

The three Iranians had only just been added to the list in 2024, but a U.S. official said they had separated themselves from the company.

By

Listen to this article
0:00
Learn more. This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment.
The US Treasury Department building is seen in Washington, DC, January 19, 2023. (Photo by SAUL LOEB/AFP via Getty Images)

The Trump administration this week removed three Iranians from its sanctions list who were previously accused of working for Intellexa, the consortium behind the Predator spyware that recent investigations say has circumvented human rights safeguards.

The Biden administration imposed sanctions against the trio in 2024 as part of a broader move to sanction spyware operators. The Treasury Department noted the deletions this week as part of other sanctions moves.

Under the prior sanctions designations, the Biden administration said that Merom Harpaz was manager of Intellexa S.A., a member of the consortium; that Andrea Nicola Constantino Hermes Gambazzi was functionally the owner of Thalestris Limited and Intellexa Limited, two other consortium members; and that Sara Aleksandra Fayssal Hamou was a corporate off-shoring specialist who has provided managerial services to the Intellexa Consortium.

While the Tuesday notice about the sanctions removal provided no explanation, “this removal was done as part of the normal administrative process in response to a petition request for reconsideration,” a U.S. official told CyberScoop.

Advertisement

“Each individual has demonstrated measures to separate themselves from the Intellexa Consortium and it has been determined that the circumstances resulting in the sanction no longer apply,” the official said. “The power of sanctions derive not only from the ability to designate individuals, but also from our willingness to remove sanctions consistent with the law.”

Only last month, an investigation concluded that despite sanctions against those three individuals and others, Intellexa had retained the capacity to remotely access the systems of Predator customers, raising human rights questions. Other reports from last month found evidence of expanded Predator targeting and exploitation of malicious mobile advertisements to infect targets.

Researchers and advocates who work on spyware issues found the sanctions removals concerning.

“The public deserves to know what evidence exists to prove that these individuals have ceased their involvement with Intellexa,” Natalia Krapiva, senior tech-legal counsel at Access Now, wrote on Bluesky.

John Scott-Railton, senior researcher at the University of Toronto’s Citizen Lab, said on X that he found the removals “puzzling,” adding that “Some in the mercenary spyware ecosystem are probably reading today’s Intellexa exec [delisting] as: ‘scoff at US, help hack Americans & you can still skirt consequences with the right lobbying.’”

Advertisement
Advertisement

More Like This

Advertisement

Top Stories

Advertisement

More Scoops

This picture taken in 2020 shows members of Malaysia’s Predator club wearing custom helmets from the movie character “Predator” outside the Petronas Twin Towers in Kuala Lumpur. (Photo by MOHD RASFAN / AFP) (Photo by MOHD RASFAN/AFP via Getty Images)

Predator spyware activity surfaces in new places with new tricks

The spyware’s developer, Intellexa, has been under pressure due to sanctions and public disclosure, but Recorded Future uncovered fresh activity.
By Tim Starks

Latest Podcasts

What happens if CISA 2015 lapses?

The Access‑Trust Gap: Why security can’t see what work depends on

How AI has complicated enterprise mobile security

Breaking down the latest era of Chinese cyberespionage with Booz Allen’s Nate Beach-Westmoreland

Government

Technology

Threats

Policy