US blacklists NSO Group and three other foreign companies
The US Department of Commerce added four foreign companies to the Entity List for “engaging in activities that are contrary to the national security or foreign policy interests of the United States.”
The four entities are located in Israel, Russia, and Singapore.
“The United States is committed to aggressively using export controls to hold companies accountable that develop, traffic, or use technologies to conduct malicious activities that threaten the cybersecurity of members of civil society, dissidents, government officials, and organizations here and abroad,” the US Secretary of Commerce Gina M. Raimondo is quoted in a press release.
NSO Group and Candiru (Israel) were added to the Entity List based on evidence that these entities developed and supplied spyware to foreign governments that used these tools to maliciously target government officials, journalists, business people, activists, academics, and embassy workers.
NSO Group has been roasted for its Pegasus spyware, used in attempted and successful hacks of 37 smartphones belonging to journalists, government officials, and human rights activists. Just a few days before the Pegasus Project investigation broke the news, Citizen Lab and Microsoft released their findings on another Israeli surveillance tech company Candiru.
According to Reuters, it sold a tool to hack into Microsoft Windows. Candiru created and sold a software exploit that can penetrate Windows, one of many intelligence products sold by a secretive industry that finds flaws in common software platforms for their clients, said a report by Citizen Lab.
“These tools have also enabled foreign governments to conduct transnational repression, which is the practice of authoritarian governments targeting dissidents, journalists, and activists outside of their sovereign borders to silence dissent. Such practices threaten the rules-based international order,” the press release said.
Positive Technologies (Russia) and Computer Security Initiative Consultancy PTE. LTD. (Singapore) were blacklisted based on a determination that they traffic in cyber tools used to gain unauthorized access to information systems, threatening the privacy and security of individuals and organizations worldwide.
NSO Group said it was dismayed by the decision given that their “technologies support US national security interests and policies by preventing terrorism and crime”, and said they will advocate for this decision to be reversed.
“We look forward to presenting the full information regarding how we have the world’s most rigorous compliance and human rights programs that are based on the American values we deeply share, which already resulted in multiple terminations of contacts with government agencies that misused our products,” the company said in a statement.
Positive Technologies claimed that the announcement by the US Department of Commerce and previous similar statements have had little or no effect on their business.
"Our global objective is to create products and technologies to improve the overall level of cybersecurity worldwide, as well as to shape an environment that provides maximum resistance to cyberattacks, including internationally. Every one of our developments is strictly protection-focused. The time is ripe to develop tools of this kind, and we shall continue to do so. On what basis the DOC included us in this list, we do not know. In any case, we preempted the sanctions risks ahead of time, and now they pose no additional threats to us," Denis Baranov, CEO of Positive Technologies, is quoted in a blog post.
More from CyberNews:
Subscribe to our newsletter