U.S. Treasury Removes Sanctions on Intellexa Predator Spyware Executives
The U.S. Department of the Treasury has lifted sanctions on three individuals—Merom Harpaz, Andrea Nicola Constantino Hermes Gambazzi, and Sara Aleksandra Fayssal Hamou—who were previously designated for their roles in the Intellexa Consortium, the company behind the Predator commercial spyware. These individuals had been sanctioned in 2024 for their involvement in developing, operating, and distributing Predator, as well as for facilitating the consortium’s financial and managerial operations. The reasons for their removal from the sanctions list have not been disclosed, and it is unclear whether they continue to hold their previous positions within the organization.
The reversal marks a significant shift in the U.S. government’s approach to countering commercial spyware manufacturers, following earlier efforts that included sanctions, blacklisting, and international agreements targeting such companies. Digital rights advocates have expressed concern that lifting these sanctions could undermine accountability for those involved in the proliferation of spyware, which has been used by governments and other actors to conduct invasive surveillance through zero- and one-click attacks. The Treasury Department has not provided further comment on the decision, and the move has prompted calls for greater transparency regarding the evidence supporting the delisting.
Timeline
Dec 31, 2025
Recent Predator attempt targets Pakistani human rights lawyer
A recent reported attack attempt used Predator against a human rights lawyer in Pakistan, showing the spyware was still being deployed against civil society targets.
Dec 30, 2025
Treasury removes sanctions on three Intellexa-linked individuals
The U.S. Treasury Department's OFAC delisted Merom Harpaz, Andrea Gambazzi, and Sara Hamou from its sanctions list in late December 2025. The government did not publicly explain the basis for the reversal, prompting concern from researchers and rights advocates.
Jan 1, 2025
Researchers report Predator remains active in multiple countries
By 2025, researchers and digital rights advocates reported continued Predator deployments in countries including Iraq, Pakistan, and Mozambique, indicating the spyware ecosystem persisted despite earlier sanctions.
Jan 1, 2024
Predator spyware linked to targeting of more than 50 U.S. officials
U.S. authorities said Predator had been used to target over 50 U.S. government staffers, underscoring the national security impact of the spyware and helping drive enforcement actions against Intellexa-linked actors.
Jan 1, 2024
Commerce Department places Intellexa on the Entity List
The U.S. Commerce Department added Intellexa to its Entity List, restricting the company's ability to conduct business involving U.S. goods and services. The move was part of wider U.S. action against the spyware maker and its affiliates.
Jan 1, 2024
U.S. sanctions three Intellexa-linked executives over Predator spyware
In 2024, the Biden administration imposed sanctions on Merom Harpaz, Andrea Gambazzi, and Sara Hamou for their roles in developing, operating, and distributing Predator spyware as part of a broader crackdown on commercial spyware abuse.
See the full picture in Mallory
Mallory subscribers get deeper analysis on every story, including:
Who’s affected and how
Deep-dive technical analysis
Actionable next steps for your team
IPs, domains, hashes, and more
Ask questions and take action on every story
Filter by topic, classification, timeframe
Get matching stories delivered automatically
Related Entities
Threat Actors
Malware
Sources
Related Stories
US Treasury Removes Sanctions on Intellexa Predator Spyware Executives
The US Treasury Department, under the Trump administration, has removed three individuals previously sanctioned for their involvement with the Intellexa consortium, the group behind the Predator commercial spyware platform. These individuals—Sara Hamou, Andrea Gambazzi, and Merom Harpaz—were originally sanctioned by the Biden administration in 2024 for their roles in managing and distributing Predator, which has been linked to surveillance activities targeting dissidents, journalists, and political opponents. The Treasury stated that the delistings were part of a normal administrative process following petitions for reconsideration, with each individual demonstrating steps to separate themselves from Intellexa. Despite the removals, concerns remain among researchers and human rights advocates, as recent investigations indicate that Intellexa continues to operate Predator and has expanded its targeting capabilities, including the use of malicious mobile advertisements for infection. The decision to lift these sanctions signals a shift in US policy toward commercial spyware vendors, with critics warning that it may embolden the use of surveillance tools by authoritarian regimes. The move follows earlier actions by the Trump administration to ease restrictions on other spyware companies, raising questions about the future of US efforts to curb the proliferation of commercial surveillance technology. The Predator spyware remains a significant concern for national security and human rights, as it enables extensive device tracking, data theft, and surveillance operations on infected devices.
1 months ago
Intellexa Executives Sentenced in Greece Over Predator Spyware Wiretapping Scandal
A Greek court in Athens sentenced **Intellexa** founder **Tal Dilian** and three associates—**Sara Hamou**, **Felix Bitzios**, and **Yiannis Lavranos**—to prison for their roles in the “Greek Watergate” spyware scandal involving illegal wiretapping and privacy violations tied to Intellexa’s *Predator* spyware. Local reporting cited by multiple outlets indicates the court imposed sentences totaling more than **126 years**, which under Greek law translate to **eight years** to be served; the court also ordered further investigation, and the defendants are expected to **appeal** and remain free pending the appeal process. The case stems from allegations that *Predator* was used to surveil Greek targets including **politicians, journalists, businesspeople, military officials, and other public figures**, with reporting citing **more than 90** victims in Greece during **2020–2021**. Lavranos’s company **Krikel** was reported to have links to the procurement of *Predator*. The convictions mark a notable legal milestone against a commercial spyware vendor; Intellexa and associated entities have also faced international scrutiny, including **U.S. sanctions** in 2024 over alleged misuse of the spyware, and experts noted the guilty verdict and custodial sentence could increase cross-border legal exposure even if defendants attempt to avoid Greek jurisdiction.
1 months ago
Commercial Spyware Policy Debate Amid Shifting US Enforcement
US policy toward the **commercial spyware** industry is facing renewed scrutiny as sanctions, contract decisions, and legal actions send mixed signals about how aggressively Washington intends to constrain vendors linked to surveillance abuse. Dark Reading reports that opponents of the spyware market fear recent moves — including rescinded sanctions and reactivated government contracts — could weaken pressure on firms whose tools have been used against journalists, activists, political figures, and officials, even after a Greek court convicted figures tied to the **Predator** spyware scandal. The broader policy discussion also reflects concern that governments are emphasizing disruption of cybercrime while easing pressure on software and security accountability elsewhere. A CyberScoop opinion piece argues that recent US action has focused on raising costs for cyber-enabled fraud operators, but that rollback of prior federal software supply-chain assurance measures risks leaving systemic weaknesses unaddressed. A weekly roundup mentioning multiple unrelated incidents, including an alleged **Handala** attack on Stryker and an Aadhaar bug bounty, does not describe the same spyware-policy story and should be excluded.
1 weeks ago