The U.S. Department of the Treasury has removed three individuals connected to the Intellexa Consortium from its sanctions list, raising new questions about the future oversight of commercial spyware operations.
The individuals removed from the Office of Foreign Assets Control (OFAC) sanctions list are Merom Harpaz, Andrea Nicola Constantino Hermes Gambazzi, and Sara Aleksandra Fayssal Hamou. All three had previously been linked to Intellexa, the company behind the controversial Predator spyware platform.
Hamou was added to the sanctions list in March 2024, while Harpaz and Gambazzi were sanctioned later in September 2024. At the time, U.S. authorities accused them of playing key roles in the development, management, and distribution of Predator. The government has not publicly explained why their names were removed.
According to past Treasury findings, Harpaz served as a manager at Intellexa S.A., while Gambazzi controlled Thalestris Limited and Intellexa Limited. Thalestris was described as a central financial and operational hub that handled transactions and distribution for the spyware network. Hamou, meanwhile, was identified as a corporate facilitator who helped provide administrative and logistical support, including arranging office operations in Greece.
The Treasury Department previously warned that the rapid spread of commercial spyware poses serious national security and human rights risks. Officials emphasized the need for stronger oversight to prevent abuse while balancing legitimate law enforcement use.
Critics have raised concerns over the decision to lift the sanctions. Natalia Krapiva, senior legal counsel at Access Now, warned that reversing penalties could send the wrong message, suggesting that those involved in surveillance abuses may avoid accountability if they have enough resources or influence.
The decision comes shortly after Amnesty International revealed that a human rights lawyer from Pakistan’s Balochistan region had been targeted in a Predator spyware attack delivered through WhatsApp. The case renewed global attention on how such tools continue to be used against journalists, activists, and political figures.
First identified in 2019, Predator is known for its stealth capabilities and ability to extract sensitive data with little or no user interaction. It operates through both one-click and zero-click attack methods, making it especially difficult to detect.
While the spyware is marketed as a tool for counterterrorism and law enforcement, multiple investigations have shown it being deployed far beyond those boundaries. Research by cybersecurity firm Recorded Future found that despite growing scrutiny and international pressure, Predator remains in active use.
The report also highlighted emerging trends within the spyware industry, including fragmentation among vendors, increased secrecy, and the migration of operations to jurisdictions with weaker regulatory oversight. According to researchers, these shifts heighten the risk of abuse, internal leaks, and cyberattacks targeting the spyware developers themselves.