The U.S. government’s clampdown on commercial spyware and mercenary hacking companies ramped up this week with the addition of Cytrox and Intellexa to an ‘entity list’ that limits their access to American-made components and technologies.
A new announcement (PDF) from the Biden administration’s Commerce Department flagged the two foreign companies “for trafficking in cyber exploits used to gain access to information systems, thereby threatening the privacy and security of individuals and organizations worldwide.”
Cytrox, which has been linked to malware found spying on a European lawmaker, was exposed as the vendor behind the notorious Predator iPhone eavesdropper implant.
The University of Toronto’s Citizen Lab teamed up with the threat-intel team at Facebook parent company Meta to identify Cytrox alongside a handful of PSOAs (private sector offensive actors) in the murky surveillance-for-hire industry. Citizen Lab said Cytrox is responsible for a piece of iPhone eavesdropping malware that was planted on phones belonging to two notable Egyptians.
The company’s Predator eavesdropper was able to infect the then-latest iOS version (14.6) using single-click links sent via WhatsApp messenger.
Like Cytrox, Intellexa has also been publicly outed as a mercenary offensive security outfit selling million-door iOS and Android hacking services.
In November 2021, the U.S government added Israeli commercial spyware firm NSO Group to the entity list, a move that will require special government permission to do business with American companies.
The department said putting these companies on the entity list was part of the Biden administration’s efforts to promote human rights in U.S. foreign policy.