European Parliament’s Report on Pegasus spyware indicates involvement of North Macedonia companies

Illustration by Gibrán Aquino (CC BY 4.0 International), first published by La Red en Defensa de los Derechos Digitales (R3D) from Mexico.

This story by Miroslava Byrns is based on original coverage by An edited version is republished here under a content-sharing agreement between Global Voices and the Metamorphosis Foundation. 

A special committee of the European Parliament is investigating the surveillance spyware Pegasus and Predator after realizing that prominent politicians, journalists and civic activists in most European countries, as well as in repressive African regimes, were illegally targeted after their telephones were infected with this software. Its power is enormous because this spyware can extract all communications, photographs, files, video materials and documents from the mobile device without the owner's knowledge. If used beyond legal limits it represents unauthorized espionage of innocent citizens that could be used for blackmail, intimidation, manipulating election results and more.

North Macedonia was mentioned in the European Parliament Report by the Committee of Inquiry to investigate the use of Pegasus and equivalent surveillance spyware. Page 36 talks about the developers of such software and mentions Hungary. Not only did the Hungarian government — according to the report — buy and use Pegasus against its citizens, but it also served as the host of other manufacturing companies from the branch. Black Cube is an Israeli private intelligence agency run by former employees of Mossad, Israeli Army, and Israeli Intelligence Service.

Black Cube was involved in numerous public hacking controversies, including those in the USA and Romania. It was discovered that they were connected with the spyware of the NSO Group and Pegasus. After the enormous public pressure related to the fact that NSO had hired Black Cube to target its opponents, NSO’s former Chief Executive Officer, Shalev Hulio admitted that he had hired Black Cube at least on one occasion in Cyprus. In the section  on spyware companies, the European Parliament report reads:

Black Cube got involved in Hungary during the 2018 elections, during which time they spied upon various NGOs and persons who had any connection to George Soros and reported back to Orban in order for him to spin their actions in a smear campaign. Those targeted included a lawyer and member of the leading human rights NGO Hungarian Helsinki Committee, Marta Pardavi. The information resulting from the surveillance of those individuals and NGOs appeared not only in the Hungarian state-controlled media, but also in the Jerusalem Post.

An additional connection with Hungary is Cytrox Holdings ZRT which is registered at an address in Budapest.  Cytrox was originally founded in North Macedonia and created the Predator spyware tool before it was bought by WiSpear, which is now part of Intellexa alliance run by Tal Dilian.

Member of the European Parliament Sophie in ‘t Veld presented the report's findings over a seven-month period in a press conference on November 8, 2022. She said that all member states of the European Union have such a software available, even if they did not admit it.

According to her. however, the problem was that the software was abused by EU member states, which constitutes an enormous threat for democracy on the whole continent.

The official purpose was to intercept crime, terrorism and drugs, but the problem occurred when the software was used beyond those limits. In other words, when the abuse of spyware happens, which derogates the personal right to privacy, it undermines democracy and democratic institutions, keeps the opposition and the critically-minded people silent, eliminates control, and has the effect of “cooling off” free journalism and civil society. This abuse, inter alia, serves to manipulate elections.

In her address Sophie in ‘t Veld pointed out:

The spyware scandal is not a national scandal, it is very much a European scandal. We tend to look at it through the keyhole of national politics, but if you connect the dots, suddenly a new image emerges and suddenly you see this is an entirely European matter. For example, it affects directly the EU institutions, as MEPs, Commissioners, Commission officials and ministers have been targeted. Perpetrators, on the other hand, also sit on the Council, the European Council. It affects also the integrity of elections and of decision-making in the EU. We also observe that the spyware industry is a very shady industry, with fake and illusive and very low ethical standards. The term “mercenary spyware” sums it up nicely. But, it is fully Europeanized – making use of the internal market, Schengen and the European label. Europe offers excellent conditions for the industry including weak enforcement of rules. Thus, Europe has facilitated the export of spyware to Libya, Egypt, Bangladesh and other mobile democracy where it has been used against human rights defenders and journalists.

This report from the Special PEGA Board is particularly important because it has been ignored, and governments all over Europe show no interest in cooperating, and neither do software developers. For example, when she addressed Tal Dilian, the man who is the Chief Executive Officer of the company Intellexa, she did not receive an answer. The MEP’s letter to Dilian, again, asks questions about the corporative structure that, inter alia, includes Cytrox from North Macedonia.

The letter states:

The company Cytrox, hosted by Intellexa, began as a start-up in North Macedonia, but according to Forbes you saved it from bankruptcy with five million dollars. It seems that the corporative structure is widely spread, with corporative presence in Hungary, Israel and share transfer in a corporative entity on the British Virgin Islands. Could you please provide us with information on your current and previous role in Cytrox as well as the link between Cytrox and Intellexa. Can Intellexa comment on why is it present on the British Virgin Islands? Can Intellexa clarify whether Cytrox transferred part of its shares on the British Virgin Islands?

In ‘t Veld spoke about the personal experience of the victims included in the surveillance scheme as well as about the possible solutions or the action that needs to be undertaken to improve the situation. According to her, Cyprus was the exporter of spyware, while Greece abused it systematically as part of a political strategy. Talking about the victims, she stressed the vicious circle they were falling into. When they go to the police and require an investigation because they suspect they are part of an illegal surveillance scheme through such spyware on their telephone, they receive no information. After that the prosecutor is asking for evidence that they were the target, which they cannot produce due to the silence of the police.

The solution, or the way out of this situation, according to this MEP, is to undertake measures, to which end she proposed several initiatives:

First, I have proposed that there should be immediate moratorium, but the moratorium can be lifted on a country to country basis if four conditions are fulfilled. One is – in the countries it applies – if all the allegations are properly investigated, two – if the country can prove that it has freight work for responsible use of spyware, three – if they consent to Europol’s proposal to investigate – you know that Europol has the power to propose investigations – and four, in those countries it applies, the export licenses that do not pass the test have to be repealed immediately. Of course, we have to regulate the use of spyware in line with case law, human rights courts, the Venice Commission… It is also important that we should agree on a common definition for national security. We need to enforce the export rules vigorously because we have dual use regulation but the enforcement is not serious.

At the end of 2021, the investigative journalism portal PRIZMA (“prism”), run by BIRN Macedonia, reported on the role of the Macedonian IT company Cytrox in the global scandal with cyber-espionage which was published at the time by Facebook and the non-governmental organization Citizen Lab.

According to that PRIZMA article, Cytrox was part of a group worth millions that offered software and technology for intelligence operations. The group was managed by businessmen with serious military backgrounds in Israel such as Tali Dilian, while the Macedonian connection was the thirty-year old Ivo Malinkovski, manager of Cytrox from Skopje at the time. According to PRIZMA, closest family members of Malinkovski own and run the company trading military equipment and weapons Micei International, as well as the well-known restaurant and winery Kamnik in Skopje.

Sources consulted by BIRN informed  that Ivo's father, Ilija Malinkovski, participated in in the negotiations for investment in Cytrox at the startup stage. And while the junior Malinkovski failed to respond to journalist's questions, the father responded by email, denying any involvement with Cytrox.

On December 13, in Athens, the Greek police raided the premises of company Intellexa, owned by the Israeli military intelligence officer Tal Dilian. The homes of its employees were also searched as part of the investigation, on the basis of reasonable doubt that the powerful Predator software was abused for spying on politicians from the opposition, journalists, security staff, businessmen, ministers thereby obstructing democracy, freedom and privacy in Greece and even wider. Allegedly Predator can steal all messages, photographs and conversations from the mobile telephones of targeted persons.

On December 8, the New York Times reported that the Greek government issued a license to the company Intellexa to export the software Predator to Madagascar, a country with a history of human rights violations and political oppression of dissent. The Greek weekly Dokumento stated that the former Chief of Police in Greece, as well as judges, were some of the people infected with the spyware so that their messages, communications, photographs, and simply everything they have on their mobile telephones can be intercepted.


Start the conversation

Authors, please log in »


  • All comments are reviewed by a moderator. Do not submit your comment more than once or it may be identified as spam.
  • Please treat others with respect. Comments containing hate speech, obscenity, and personal attacks will not be approved.