NSO Spyware Is On US Trade Blacklist

The US Department of Commerce has recently blacklisted two Israeli phone spyware companies, NSO Group and Candiru, adding them to the list of foreign companies that engage in malicious cyber activities. The ban is the biggest step taken by the US so far  to curb abuses in the global market for spyware, which is for all practical purposes, is unregulated. 

The move by the Commerce Department was driven by NSO’s export around the world of a sophisticated surveillance system known as Pegasus, which can be remotely implanted in smartphones.

NSO Group and the lesser-known Candiru, considered its competitor in the cyber-surveillance market, were accused of providing spyware software to governments that was ultimately turned on journalists and activists.
“These tools have also enabled foreign governments to conduct transnational repression, which is the practice of authoritarian governments targeting dissidents, journalists and activists outside of their sovereign borders to silence dissent,” US Secretary of Commerce Gina M. Raimondo said in a statement.“The United States is committed to aggressively using export controls to hold companies accountable that develop, traffic, or use technologies to conduct malicious activities that threaten the cybersecurity of members of civil society, dissidents, government officials, and organisations here and abroad.”

Pegasus military-grade spyware developed and sold by Israel's NSO Group has emerged as a formidable cyber weapon, used by some of its more autocratic customers in the Middle East to target a wide range of people, not just criminals and terrorists. Pegasus has reportedly been used by nation states including UAE, Morocco and Saudi Arabia to target the phones of rights activists and journalists.

NSO Group said it was "dismayed" by the decision, adding that its technology helped maintain US national security by "preventing terrorism and crime". It has long maintained that its software is sold only to military, law enforcement and intelligence agencies from countries with good human rights records. "We look forward to presenting the full information regarding how we have the world's most rigorous compliance and human rights programs that are based on the American values we deeply share, which already resulted in multiple terminations of contacts with government agencies that misused our products," the company said in a statement.

US officials said that NSO Group and another Israeli firm, Candiru, had acted "contrary to the national security or foreign policy interests of the United States".

Positive Technologies of Russia, and Computer Security Initiative Consultancy from Singapore, were also listed and the Department of Commerce said they trafficked in cyber tools used to gain unauthorised access to computer networks.

Details about the alleged use of Pegasus by NSO Group clients to target British citizens came to light in July after journalists working with cyber security campaigners, including Amnesty International, obtained a leaked database of 50,000 phone numbers selected by NSO Group clients. 

The numbers were linked to phones used by politicians, human rights defenders and journalists and forensic analysis of some of the devices found evidence that Pegasus software had been installed on them.

Haaretz:    LiveMint:     BBC:     FT:    Times of Israel:     Middle East Eye:     Middle East Eye:     NYT

You Might Also Read: 

Top Secret Israeli Hackers For Hire:

 

« Wanted: Pipeline Hackers - $10m Reward
Artificial Intelligence & The Technology Effects On Accounting »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

RoboForm

RoboForm

RoboForm's industry-leading encryption technology securely stores your passwords, with one Master Password serving as your encryption key.

CyberSource

CyberSource

CyberSource provides online payment and fraud management services for medium and large-sized merchants.

vArmour

vArmour

vArmour is the industry’s first distributed security system that provides insight and control for multi-cloud environments.

Celare

Celare

Celare delivers DPI based network perimeter monitoring solutions with integrated Big Data security analytics and threat detection.

Terranova Security

Terranova Security

Terranova is dedicated to providing information security awareness programs customized to your internal policies and procedures.

Silensec

Silensec

Silensec is a management consulting, technology services and training company specialized in information security.

CSIRT GOV - Poland

CSIRT GOV - Poland

Computer Security Incident Response Team CSIRT GOV, run by the Head of the Internal Security Agency, acts as the national CSIRT responsible for coordinating the response to computer incidents.

Epati Information Technologies

Epati Information Technologies

ePati Information Technologies is a specialist in information technology and cyber security.

Kingsley Napley

Kingsley Napley

Cyber crime is an area of growing legal complexity. Our team of cyber crime lawyers have vast experience of the law in this area.

APERIO

APERIO

APERIO, the global leader in industrial data integrity, helps its customers drive profitability and sustainability while mitigating risk in their industrial operations.

Lewis Brisbois

Lewis Brisbois

Lewis Brisbois offers legal practice in more than 40 specialties, and a multitude of sub-specialties including Data Privacy & Cybersecurity.

Secuvant

Secuvant

Secuvant is an independent IT Security firm providing enterprise-grade IT security services to mid-market organizations.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ConnectSecure

ConnectSecure

ConnectSecure (formerly CyberCNS) is a global cybersecurity company that delivers tools to identify and address vulnerabilities and manage compliance requirements.

Department of Homeland Security (DHS)

Department of Homeland Security (DHS)

The Department of Homeland Security has a vital mission: to secure the nation from the many threats we face. Our duties are wide-ranging, but our goal is clear - keeping America safe.

Yarix

Yarix

Yarix is the leading company in Var Group’s Digital Security division and one of the most recognised, innovative and authoritative Italian companies in the IT security sector.