On Wednesday, the US Commerce Department added four organizations to a list of entities involved in malicious cyber operations. The list includes Israel-based spyware companies NSO Group and Candiru.
According to the government, the two firms were put on the list based on information that these organizations created and sold spyware to foreign governments. Government leaders, journalists, businesses, activists, academics, and diplomatic staff were targeted maliciously using spyware.
According to the Commerce Department, these tools have also allowed foreign governments to engage in transnational repression. It happens when authoritarian regimes target dissidents, journalists, and activists outside of their sovereign boundaries to quiet dissent.
Computer Security Initiative Consultancy PTE. LTD., located in Singapore, and Positive Technologies, based in Russia, are two other companies. Both organizations were listed because they trafficked weaponized malware and vulnerabilities, which state-sponsored hacking groups subsequently used to obtain illegal access to corporate networks worldwide.
The Entity List is a list of entities judged to be participating in actions that are antithetical to the United States’ national security or foreign policy objectives, demanding additional trade restrictions.
The news comes after NSO Group and Candiru were exposed as being behind the exploitation of zero-day vulnerabilities in Apple iOS and Google Chrome to eavesdrop and monitor the activities of persons deemed of interest to their clients in July 2021. The famed Pegasus spyware, developed by NSO Group, can gather contacts, call records, text messages, photographs, and passwords from a phone without leaving a trace.
The designation comes amid demands for a moratorium on the sale, use, and transfer of digital invasive technology until strict rules are in place and a legislative framework mandating private monitoring corporations to do human rights due diligence is implemented.