Everyone is a Target: Targeted Mercenary Spyware & the Rise of Commercial Surveillance

From Pegasus to Paragon, inside the privatized surveillance networks reshaping power, privacy, and control in the 21st century.

Stephano Pereira

Since 2020 in #Greece, the national intelligence agency #EYP has been implicated in using Israeli-made "#Cytrox #Predator" #spyware to target journalists, opposition and activists (having full access to its WhatsApp etc). This scandal led to significant resignations:

* Panagiotis Kontoleon, the head of Greek agency EYP, stepped down in August 2022.
* G. Voulgarakis, a senior aide to Prime Minister Kyriakos Mitsotakis, also resigned.

More in English: https://www.dnews.gr/eidhseis/news-in-english/522954/predator-spyware-intellexa-and-the-greek-surveillance-scandal-head-back-to-courtabout

#privacy

Predator Spyware, Intellexa, and the Greek Surveillance Scandal Head Back to Court - Dnews

The trial over the illegal use of Predator spyware in Greece, one of the country’s most significant surveillance scandals in recent history, is set to resume on April 23 at the Athens Single-Member Misdemeanor Court.

Dnews

Predators for Hire: A Global Overview of Commercial Surveillance Vendors

Explore the 2025 landscape of Adversary-in-the-Middle phishing threats with data, trends, and top detection insights.

Sekoia.io Blog

US sanctions Predator spyware makers for targeting gov’t officials

The U.S. government announced sanctions on Tuesday against two people and five entities tied to Predator spyware, just days after the company behind the tool took down infrastructure in response to new research about its operations.

Intellexa and Cytrox: From fixer-upper to Intel Agency-grade spyware - By Mike Gentile, Asheer Malhotra and Vitor Ventura. Editor’s note: This blog post i... https://blog.talosintelligence.com/intellexa-and-cytrox-intel-agency-grade-spyware/ #threatspotlight #mercenaryapt #intellexa #topstory #features #cytrox #psoa #apt

Intellexa and Cytrox: From fixer-upper to Intel Agency-grade spyware

Talos revealed that rebooting an iOS or Android device may not remove the Predator spyware produced by Intellexa. Intellexa knows if their customers intend to perform surveillance operations on foreign soil.

Cisco Talos Blog

Would-be president pwned by President: #AhmedTantawy had phone hacked; #CitizenLab says Egyptian govt did it.

Fingered: @VodafoneEgypt, @Sandvine and #Cytrox itself. In today’s #SBBlogwatch, we rethink seeing pyramids. At @TechstrongGroup’s @SecurityBlvd: https://securityboulevard.com/2023/09/ios-zero-cytrox-predator-richixbw/?utm_source=richisoc&utm_medium=social&utm_content=richisoc&utm_campaign=richisoc

More iOS Zero Days, More Mercenary Spyware — This Time: Cytrox Predator

Apple Scrambled to Fix 3 More CVEs: Egyptian opposition presidential candidate Ahmed Eltantawy targeted “by the government.”

Security Boulevard

#Cybersecurity #Egypt #Spyware #Predator #Cytrox: "- Between May and September 2023, former Egyptian MP Ahmed Eltantawy was targeted with Cytrox’s Predator spyware via links sent on SMS and WhatsApp. The targeting took place after Eltantawy publicly stated his plans to run for President in the 2024 Egyptian elections.

- In August and September 2023, Eltantawy’s Vodafone Egypt mobile connection was persistently selected for targeting via network injection; when Eltantawy visited certain websites not using HTTPS, a device installed at the border of Vodafone Egypt’s network automatically redirected him to a malicious website to infect his phone with Cytrox’s Predator spyware.

- During our investigation, we worked with Google’s Threat Analysis Group (TAG) to obtain an iPhone zero-day exploit chain (CVE-2023-41991, CVE-2023-41992, CVE-2023-41993) designed to install Predator on iOS versions through 16.6.1. We also obtained the first stage of the spyware, which has notable similarities to a sample of Cytrox’s Predator spyware we obtained in 2021. We attribute the spyware to Cytrox’s Predator spyware with high confidence.

- Given that Egypt is a known customer of Cytrox’s Predator spyware, and the spyware was delivered via network injection from a device located physically inside Egypt, we attribute the network injection attack to the Egyptian government with high confidence.

- Eltantawy’s phone was additionally infected with Cytrox’s Predator spyware two years prior, in November 2021, via a text message containing a link to a Predator website."

https://citizenlab.ca/2023/09/predator-in-the-wires-ahmed-eltantawy-targeted-with-predator-spyware-after-announcing-presidential-ambitions/

PREDATOR IN THE WIRES: Ahmed Eltantawy Targeted with Predator Spyware After Announcing Presidential Ambitions - The Citizen Lab

Between May and September 2023, former Egyptian MP Ahmed Eltantawy was targeted with Cytrox's Predator spyware via links sent on SMS and WhatsApp after Eltantawy publicly stated his plans to run for President in the 2024 Egyptian elections. As Egypt is a known customer of Cytrox's Predator spyware, and the spyware was delivered via network injection from a device located physically inside Egypt, we attribute the attack to the Egyptian government with high confidence.

The Citizen Lab

US government adds two more #spyware makers to denylist
The U.S. government put #Intellexa and #Cytrox, two European spyware makers, on an economic denylist. The addition of the two companies, based in Greece and Hungary, as well as two related entities in Ireland and North Macedonia, is part of a wider effort from the Biden administration against makers of malware that is sold exclusively to #lawenforcement and intelligence agencies.
https://techcrunch.com/2023/07/18/us-government-adds-two-more-spyware-makers-on-deny-list/ #surveillance #privacy #NSOGroup

While the US has blacklisted #Intellexa and #Cytrox entities in Greece, Ireland, Hungary and North-Macedonia as risk to national security, Europe is still a comfy home to these vendors of mercenary #spyware. Will @EU_Commission finally take action? My questions 👇 https://t.co/rQ23NXtTZR

🐦🔗: https://n.respublicae.eu/SophieintVeld/status/1682358169538904064

Sophie in 't Veld on Twitter

US Gov adds surveillance firms Cytrox and Intellexa to Entity List for trafficking in cyber exploits

The U.S. government added surveillance technology vendors Cytrox and Intellexa to an economic blocklist for trafficking in cyber exploits. The Commerce Department’s Bureau of Industry and Security (BIS) added surveillance technology vendors Intellexa and Cytrox to the Entity List for trafficking in cyber exploits used to gain access to information systems. The Entity List maintained […]

Security Affairs