← Back to database

Predaxia Research

Predator

Intellexa Consortium / Cytrox AD · North Macedonia / Israel / Greece

Active in 2025OFAC sanctions 2024Greek wiretap scandal
5

Confidence 5/5

VendorIntellexa Consortium (Cytrox AD = developer)
FounderTal Jonathan Dilian (former IDF Unit 8200)
FoundedIntellexa 2019, Cytrox earlier
Cytrox AD locationNorth Macedonia
Intellexa S.A.Greece
Thalestris LimitedIreland
Cytrox Holdings ZRTHungary
Current statusActive. Deployed in Iraq, likely Pakistan, Mozambique through June 2025
US Entity ListCytrox AD and Cytrox Holdings ZRT, since July 2023
OFAC sanctionsMarch 2024 (Dilian, Hamou). September 2024 (5 more). December 2025: 3 reversed by Trump Treasury

Technical capabilities

Predator is a mercenary spyware suite targeting iOS and Android devices through zero-click and one-click exploit chains. Historically delivered via SMS link or network injection, with a loader component called “Alien” preparing the device before deploying the Predator payload. Capabilities include data exfiltration, geolocation tracking, microphone recording, and access to applications and personal information.

The December 2025 Amnesty Security Lab “Intellexa Leaks” investigation revealed that Intellexa retained remote access to customer Predator deployments, even on customer on-premises systems. The internal management dashboard is named PDS (Predator Delivery Studio), also known as CyOp.

Documented victims

  • Thanasis Koukakis, Greek financial journalist, targeted with Predator 2020-2021 (Citizen Lab and Amnesty Security Lab forensic confirmation).
  • Ayman Nour, Egyptian dissident in exile, iPhone confirmed infected December 2021.
  • Roberta Metsola, President of the European Parliament: targeting attempt documented (Citizen Lab, October 2023).
  • Tsai Ing-Wen, then-President of Taiwan: targeting attempt documented (Citizen Lab, October 2023).
  • Representative Michael McCaul (R-TX) and Senator John Hoeven (R-ND): targeting cited in US Treasury sanctions documentation (September 2024).
  • Meta security policy manager: targeted by Greek intelligence service EYP using Predator in 2021.

Customer states

Customers documented include Greece (national intelligence service EYP), Egypt, Indonesia, Madagascar, Oman, Saudi Arabia, Serbia, and Armenia. Newer customers identified by Recorded Future Insikt Group: Angola, Democratic Republic of Congo, the United Arab Emirates, possibly Botswana, and the Philippines.

The December 2025 Recorded Future Insikt report concluded that Predator deployment continues in Iraq, likely Pakistan, and Mozambique through at least late June 2025, despite multiple rounds of US sanctions.

Legal and sanctions status

  • US Commerce Entity List: Intellexa S.A., Intellexa Limited, Cytrox AD, and Cytrox Holdings ZRT, all added July 2023.
  • US OFAC sanctions, March 2024: Tal Dilian and Sara Hamou. First time Treasury sanctioned individuals connected to commercial spyware.
  • US OFAC sanctions, September 2024: Felix Bitzios, Andrea Gambazzi, Merom Harpaz, Panagiota Karaoli, Artemis Artemiou, and Aliada Group Inc.
  • December 2025: Trump Treasury removed Sara Hamou, Andrea Gambazzi, and Merom Harpaz from the sanctions list.
  • Greek wiretap scandal (2022): Predator usage linked to the resignation of two senior Greek officials.

Technical countermeasures

  • Same baseline as Pegasus: iOS Lockdown Mode (iOS 16+), regular reboots, Apple Threat Notifications.
  • Network-level mitigation: avoid clicking SMS links from unknown senders. Insufficient against zero-click variants.
  • Detection via Amnesty Mobile Verification Toolkit.
  • GrapheneOS recommended for Android profiles facing nation-state adversaries.

Update log

March 3, 2026: First publication. Initial sourcing through Citizen Lab, Amnesty Security Lab, Microsoft Threat Intelligence, Google TAG, Lookout, Kaspersky GReAT, US Treasury OFAC, court documents and investigative press.


There’s no perfect setup. Anyone selling you perfect is selling fear. The goal is simple: make yourself a harder target than the person next to you.