Cy4Gate S.r.l. (Rome, Italy.

Euronext Growth Milan: CY4G) is an Italian private sector offensive actor (PSOA), a publicly- listed commercial surveillance vendor that develops, markets, and sells the Epeius mobile surveillance platform and related intelligence-collection tools exclusively to government law enforcement and intelligence clients under a lawful- interception / government-exclusive commercial model. Cy4Gate occupies a distinct position in the Italian commercial surveillance vendor ecosystem: unlike RCS Lab (the former Hacking Team successor entity, curated at hacking_team_memento_labs.yaml), Cy4Gate is a post-Hacking- Team-collapse market entrant (founded approximately 2016-2017) that emerged during the period of Italian surveillance-vendor market reconsolidation following the 2015 Hacking Team breach and subsequent reputational damage to the Italian surveillance industry. Cy4Gate is also notable as a publicly-listed PSOA, one of a small number of commercial surveillance vendors that operates with public market transparency obligations (unlike the privately-held NSO Group, Intellexa, or Paragon Solutions). The Epeius platform provides comprehensive mobile device surveillance capabilities across both iOS and Android platforms, including location tracking, microphone activation, camera activation, SMS/iMessage/WhatsApp message interception, contact list and calendar access, call record access, clipboard capture, and screen capture. The platform's capabilities are broadly comparable to those of other commercial mobile surveillance platforms (NSO Group Pegasus, curated at nso_group_pegasus.yaml; Intellexa Predator, curated at intellexa_predator.yaml.

Paragon Solutions Graphite, curated at paragon_solutions_graphite.yaml) while operating at a smaller documented deployment scale. Google TAG and Project Zero (March 2023) documented exploit chains used in the Italian commercial surveillance vendor ecosystem, including infrastructure and exploit delivery patterns associated with Cy4Gate's Epeius platform, providing the primary technical-attribution basis linking specific vulnerability exploitation to Epeius delivery. The European Parliament PEGA Committee inquiry (2022-2023) examined the Italian surveillance vendor ecosystem in which Cy4Gate operates, providing a governance-context backdrop for assessing the cluster's commercial operations. The PSOA governance significance of Cy4Gate, like all commercial surveillance vendors in this curated corpus, is that government clients nominally purchasing Epeius for lawful interception of criminal suspects have, in the broader PSOA ecosystem pattern, been documented to direct surveillance tools against journalists, human rights defenders, opposition politicians, and civil society members in contexts inconsistent with stated lawful-interception justifications. No publicly- available technical report has definitively attributed specific Epeius deployments against named civil society victims with the same evidentiary density as Citizen Lab's Pegasus forensic reports, Cy4Gate's public attribution footprint is thinner than NSO Group's but analytically significant in the Italian PSOA market context.