The US Commerce Department’s Bureau of Industry and Security (BIS) has added two European commercial spyware manufacturers, Cytrox and Intellexa, to its economic trade blacklist, citing risks to US national security.

The sanctioned entities include Hungary-based Cytrox Holdings Crt, North Macedonia-based Cytrox AD, Greece-based Intellexa S.A., and Ireland-based Intellexa Limited. This means that the companies are now under export and licensing restrictions and any American firm wanting to sell software to Cytrox or Intellexa will be required to obtain a license from BIS to do so.

The two firms were banned for “trafficking in cyber exploits used to gain access to information systems, threatening the privacy and security of individuals and organizations worldwide.”

Cytrox was previously linked to the Predator spyware similar to the infamous Pegasus surveillance tool, and mass hacking campaigns. Predator spyware is sold via Intellexa Alliance, a consortium of spyware vendors, which includes Nexa Technologies, WiSpear/Passitora, Cytrox, and Senpai Technologies.

A leaked commercial proposal revealed that Intellexa was offering services that include Android and iOS device exploits for €8 million. The proposal included 10 simultaneous infections for iOS and Android devices, as well as a “magazine of 100 successful infections”. The documents also included& a list of Android devices vulnerable to the attack.