The Biden administration blacklisted the NSO Group, an Israeli cyber-surveillance company, on Wednesday, saying that the company had supplied spyware that was used by foreign governments to “maliciously target” government officials, businesspeople, academics and journalists.
The company makes a sophisticated surveillance system known as Pegasus, which has been under scrutiny for years for its ability to stealthily extract sound recordings, photos, contacts, text messages and other information from targeted smartphones. In July, a consortium of media outlets reported that the app had been used extensively to hack smartphones owned by journalists from India, Morocco, France and elsewhere.
NSO said in an emailed statement that it was “dismayed by the decision.”
“Our technologies support U.S. national security interests and policies by preventing terrorism and crime, and thus we will advocate for this decision to be reversed,” the company said.
NSO and three other companies were added to the so-called Entity List, which blocks foreign companies from buying certain types of sensitive American technology without a license, the Commerce Department’s Bureau of Industry and Security said in an announcement.
Candiru, an Israeli firm, was sanctioned based on evidence that it had developed and supplied spyware to foreign governments, the Commerce Department said. Positive Technologies of Russia and Computer Security Initiative Consultancy of Singapore were added to the list for trafficking in cybertools that help hackers gain unauthorized access to information systems, the announcement said.
“The United States is committed to aggressively using export controls to hold companies accountable that develop, traffic, or use technologies to conduct malicious activities that threaten the cybersecurity of members of civil society, dissidents, government officials and organizations here and abroad,” Gina Raimondo, the commerce secretary, said in a statement.