The United States added NSO Group – the Israeli company behind the controversial Pegasus spyware – and three other foreign companies to a trade blacklist on Wednesday.
Pegasus has reportedly been used by nation states to target the phones of journalists, human rights activists and Opposition leaders across the world.
“The United States is committed to aggressively using export controls to hold companies accountable that develop, traffic, or use technologies to conduct malicious activities that threaten the cybersecurity of members of civil society, dissidents, government officials, and organizations here and abroad,” said U.S. Secretary of Commerce Gina M. Raimondo.
NSO Group and Candiru (Israel) were added to the Entity List based on evidence that these entities developed and supplied spyware to foreign governments that used these tools to maliciously target government officials, journalists, businesspeople, activists, academics, and embassy workers. These tools have also enabled foreign governments to conduct transnational repression, which is the practice of authoritarian governments targeting dissidents, journalists and activists outside of their sovereign borders to silence dissent. Such practices threaten the rules-based international order, the U.S. Department of Commerce said in a statement.
NSO Group said it was dismayed by the decision and claimed that its technologies support U.S. national security interests and policies by preventing terrorism and crime. “We will advocate for this decision to be reversed. We look forward to presenting the full information regarding how we have the world’s most rigorous compliance and human rights programs that are based the American values we deeply share, which already resulted in multiple terminations of contacts with government agencies that misused our products.”
The company has long maintained that it has exclusively supplied its software to the recognized forces of countries without any human rights violations.
Positive Technologies (Russia), and Computer Security Initiative Consultancy PTE. LTD. (Singapore) were added to the Entity List based on a determination that they traffic in cyber tools used to gain unauthorized access to information systems, threatening the privacy and security of individuals and organizations worldwide.