The U.S. has sanctioned four companies based in Israel, Russia, and Singapore for creating and selling hacking tools to state-sponsored hacking groups. The sanctioned firms include Israel-based NSO group and Candiru, Russia-based Positive Technologies, and Singapore-based Computer Security Initiative Consultancy PTE. LTD.
The Commerce Department’s Bureau of Industry and Security (BIS) added the four entities to the Entity List yesterday. The U.S. determined that they were acting contrary to the foreign policy and national security interests of the United States.
With regard to the Israeli companies NSO Group and Candiru, the final ruling to the Export Administration Regulation read that according to investigative information, they “developed and supplied spyware to foreign governments that used this tool to maliciously target government officials, journalists, business people, activists, academics, and embassy workers”.
What does the sanction do?
The new EAR will impose additional license requirements on, and limit the availability of most license exceptions for exports, re-exports, and transfers (in-country).
Companies that wish to export, re-export, or transfer items must receive a license from the BIS. However, the new license review policy for these companies imposes a “presumption of denial”. As such, the U.S. government will predominantly deny any license requests.
The NSO Group is the creator of the Pegasus spyware which the governments around the world, including the Indian government, used to target activists, politicians, and journalists. The Supreme Court has recently created an Expert Committee to investigate the issue.
Candiru is the developer of an espionage toolkit dubbed DevisTolngue. It reportedly sold the toolkit exclusively to governments. The toolkit is capable of infecting PCs, Macs, iPhones, Android devices, and even cloud accounts.
The U.S. had earlier imposed a similar sanction on crypto exchange Suex OTC for providing material support to ransomware actors.