Commerce Department blacklists spyware companies Cytrox and Intellexa

The actions are the first major initiative on spyware since Biden issued an executive order restricting on government use of surveillance software.
US Secretary of Commerce Gina Raimondo. (Photo by JEFF KOWALSKY / AFP) (Photo by JEFF KOWALSKY/AFP via Getty Images)

The U.S. Commerce Department on Tuesday added to its trade blacklist the spyware purveyors Cytrox and Intellexa that have been linked to operations spying on journalists, politicians and a Meta executive in Greece.

The stated reason for the blacklist inclusion is “for trafficking in cyber exploits used to gain access to information systems, thereby threatening the privacy and security of individuals and organizations worldwide.”

The full list of entities included are Intellexa S.A. based out of Greece, Cytrox Holdings Zrt. out of Hungary, Intellexa Limited out of Ireland and Cytrox AD out of North Macedonia.

Intellexa is known for its Android spyware Predator that has been described by researchers as one of the most ubiquitous spyware tools after NSO Group’s Pegasus. Cytrox has also previously been banned by Meta for surveillance operations on the platform. 


The enforcement actions are the first major initiative on commercial spyware since President Biden issued in March an executive order that places restrictions on the U.S. government’s use of spyware. The order does not, however, completely ban the use of spyware by the U.S. government.

The designations for Cytrox and Intellexa follow the inclusion of Israeli spyware companies NSO Group and Candiru on the Commerce Department’s entity list of companies that pose a national security and foreign policy risk to the U.S. in November 2021.

A senior administration official called the designations “an opportunity for private investors to consider the risk of, and reevaluate, their role in investing in and supporting such commercial spyware companies whose business practices threaten the security and safety of technology used by citizens around the world, not just here in the United States.”

Biden’s March executive order deems a spyware company a security risk if it has been used against a U.S. person without the consent of the U.S. government, has been used in human rights abuses, or is used by governments with a history of systematic political repression.

The Biden administration alongside 10 other countries in March released a statement committing to guardrails against abuse of spyware.


The Biden administration has been outspoken about potential American investment in spyware-for-hire firms, most recently commenting on the potential takeover of NSO Group by a Hollywood financier by telling The Guardian that such a takeover would “not automatically remove the designated entity from the entity list” and may prompt a security review.

This story is developing.

Tonya Riley

Written by Tonya Riley

Tonya Riley covers privacy, surveillance and cryptocurrency for CyberScoop News. She previously wrote the Cybersecurity 202 newsletter for The Washington Post and before that worked as a fellow at Mother Jones magazine. Her work has appeared in Wired, CNBC, Esquire and other outlets. She received a BA in history from Brown University. You can reach Tonya with sensitive tips on Signal at 202-643-0931. PR pitches to Signal will be ignored and should be sent via email.

Latest Podcasts