U.S. Treasury Removes Sanctions on Intellexa-Linked Individuals

U.S. Treasury Lifts Sanctions on Three Individuals Linked to Intellexa and Predator Spyware

The U.S. Department of the Treasury removed Merom Harpaz, Andrea Nicola Constantino Hermes Gambazzi, and Sara Aleksandra Fayssal Hamou from its sanctions list on December 31, 2025, after previously sanctioning them in March and September 2024 for their involvement with the Predator spyware. The removal occurred following a petition for reconsideration, with the individuals demonstrating separation from the Intellexa Consortium.

The decision highlights the complex challenge of regulating the commercial spyware market, where officially marketed tools for law enforcement are frequently misused against journalists, activists, and politicians. The potential for abuse and the lack of transparency surrounding these removals raise concerns about the effectiveness of sanctions as a deterrent, particularly given the documented continued use of Predator despite increased scrutiny.

Key Insights

• Predator spyware is stealthy: Designed to leave minimal traces of compromise, making detection difficult (Recorded Future, 2025).
• Commercial spyware dual-use: Tools like Predator and Pegasus are marketed for legitimate purposes (counterterrorism, law enforcement) but are often deployed against non-targets.
• Sanctions circumvention: Entities are attempting to regain legitimacy through acquisitions and shifting operations to regions with less oversight (Recorded Future, 2025).

Practical Applications

• Use Case: Intellexa uses complex corporate structures (e.g., Thalestris Limited) to obscure ownership and facilitate transactions related to spyware distribution.
• Pitfall: Relying solely on sanctions without robust oversight and enforcement can allow sanctioned actors to re-enter the system by demonstrating superficial separation from targeted entities.

References:

• https://thehackernews.com/2025/12/us-treasury-lifts-sanctions-on-three.html