The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has removed three individuals connected to Intellexa Consortium, the company behind the commercial spyware Predator, from its specially designated nationals list. The names of those removed include Merom Harpaz, Andrea Nicola Constantino Hermes Gambazzi, and Sara Aleksandra Fayssal Hamou. Harpaz and Gambazzi were sanctioned in September 2024, while Hamou had been targeted earlier in March 2024, all in connection with the development, operation, and distribution of Predator. Treasury officials did not provide a specific reason for their removal, though a statement indicated it followed a normal administrative review in response to a petition for reconsideration, noting that the individuals had demonstrated steps to separate themselves from Intellexa Consortium.
Harpaz is currently described as a manager at Intellexa S.A., and Gambazzi as owner of Thalestris Limited and Intellexa Limited. Thalestris held the distribution rights for Predator and processed transactions for other Intellexa entities, also serving as the parent company to Intellexa S.A. Hamou was listed as a corporate off-shoring specialist providing managerial services such as office rentals in Greece on behalf of Intellexa S.A. It remains unclear whether these individuals continue in these roles. Predator, active since at least 2019, is designed for stealth, often using one-click or zero-click attack methods to harvest sensitive data from devices. While marketed for law enforcement and counterterrorism purposes, reports have consistently documented its deployment against civil society actors, including journalists, activists, and politicians.
The removal of these individuals from OFAC’s list has sparked concern among cybersecurity and human rights experts. Natalia Krapiva, senior tech legal counsel at Access Now, cautioned that such actions could signal that involvement in spyware attacks may carry limited consequences if sufficient lobbying efforts are applied. Her warning comes as Amnesty International recently reported that a human rights lawyer from Pakistan’s Balochistan province was targeted with a Predator attack attempt via WhatsApp. Analysts from Recorded Future have highlighted continued use of Predator by Intellexa despite increased public scrutiny and international restrictions. Their analysis notes growing fragmentation in the spyware ecosystem, with some companies seeking legitimacy through acquisitions while others relocate to regions with weaker regulatory oversight, contributing to heightened risks of corruption, insider leaks, and attacks on spyware vendors.
The Predator ecosystem reflects broader trends in commercial spyware, where competition, secrecy, and high-value exploit technologies increase the complexity of monitoring and enforcement. Despite repeated warnings about the risks of deploying such tools against civil society, spyware companies continue to adapt and operate in environments where oversight varies widely. Intellexa’s corporate web presence and continued deployment of Predator suggest that regulatory actions alone may not fully limit access to such technologies, and experts emphasize the need for clear frameworks to balance national security objectives with human rights protections and privacy safeguards. The developments surrounding OFAC’s decision and Intellexa highlight ongoing challenges in managing the global use and proliferation of commercial spyware.
Follow the SPIN IDG WhatsApp Channel for updates across the Smart Pakistan Insights Network covering all of Pakistan’s technology ecosystem.
