The Treasury Department has removed three individuals associated with the Intellexa Consortium and its Predator spyware from a federal sanctions list. This move reverses 2024 penalties imposed on Merom Harpaz, Andrea Gambazzi, and Sara Hamou for their roles in a corporate network that facilitated global surveillance.
The recent decision by the Treasury Department to delist three key figures linked to the Intellexa Consortium marks a significant pivot in federal policy regarding commercial spyware. Merom Harpaz, Andrea Gambazzi, and Sara Hamou had previously been sanctioned for their involvement with the organization behind the Predator spyware, which allows operators to gain full access to target devices. These individuals held roles ranging from high-level executive management to financial processing and corporate off-shoring services designed to shield the consortium from public accountability.
This reversal stands in contrast to previous executive efforts to limit the proliferation of invasive surveillance technology. Predator spyware is capable of infiltrating smartphones through sophisticated exploits, granting attackers the power to harvest private data and remotely trigger microphones or cameras. Throughout 2024, the government maintained that such tools posed a direct threat to national security, particularly after reports surfaced that dozens of government personnel had been targeted by the software.
GET 50% Discount for VPN/ANTIVIRUS SOFTWARE AT 911Cyber - CODE: bit5025
The removal of these individuals from the sanctions list has drawn sharp criticism from digital rights organizations and legal experts. Advocates argue that the public has not been provided with evidence showing that these individuals have ended their participation in the spyware industry. There is a growing concern among these groups that lifting penalties without a clear explanation sends a message that those involved in developing tools used against government officials and civil society may face few long-term consequences.
Despite various regulatory efforts to dismantle its infrastructure, the Intellexa Consortium appears to remain operational in several regions. Recent findings from cybersecurity researchers indicate that the Predator spyware has continued to surface in various countries through 2025. While the frequency of its use may have fluctuated, the technical infrastructure remains active, and the developers have reportedly updated their methods to make their activities more difficult for investigators to track and identify.
The history of the consortium is marked by persistent attempts to bypass international restrictions and maintain its client base. Even after initial blacklisting and sanctions, evidence suggested that the group continued to market its services to new government clients across Africa and the Middle East. With the latest delisting, questions remain regarding the future of the federal strategy to contain the global spyware market and protect the privacy of citizens and government employees from sophisticated digital surveillance.
Source: US Treasury Removes Sanctions For Three Executives Linked To Spyware Firm Intellexa