U.S. blacklists Israeli spyware firms NSO and Candiru

Cyber Warfare Asia
Dec 7, 2021


The U.S. Commerce Department announced that it had added Israeli cyber offence firms NSO and Candiru to its blacklist, saying they sold spyware to foreign governments that used it to target government officials, journalists and others.

Positive Technologies of Russia and Computer Security Initiative Consultancy PTE Ltd. of Singapore were also added to the blacklist. The Department said they trafficked in cyber tools used to gain unauthorized access to computer networks.

In the past, the NSO Group and Candiru have been accused of selling hacking tools to authoritarian regimes. NSO says it only sells its products to law enforcement and intelligence agencies and takes steps to curb abuse.

Unlike Iran, which is itself a cyber superpower and develops its own spyware tools, other Middle Eastern nations such as Saudi Arabia, the UAE and Qatar used these products to infect the devices of their adversaries in order to spy on them and their activities.

Saudi Arabia used NSO Group’s Pegasus spyware to secretly target the smartphones of the two women closest to murdered Saudi columnist Jamal Khashoggi.

In 2016, UAE activist Ahmed Mansoor was targeted with NSO Group spyware through a simple text message that asked him to tap on a link for information on detainees tortured in the UAE.

Candiru received investment from Qatar Investment Bank for launching its cyber offensive operation. Its exploits have been linked to nation-state malware attacks observed in Uzbekistan, Saudi Arabia, Singapore, and the United Arab Emirates (UAE).

Earlier this year, investigative journalists also revealed that reporters and activists worldwide had been targeted with Pegasus by repressive governments. Even French President Emmanuel Macron and his cabinet were reportedly selected as targets.

According to Matthieu Faou, the malware researcher who revealed the hacking campaigns, ESET set out to uncover the “watering holes” on well-known sites all the way back in 2018, when it developed its own custom anti-spyware system. In 2020, it discovered that an Iranian embassy website in the UAE’s capital, Abu Dhabi, had been infected with malware.

The sophisticated attacks allow the malware user to identify characteristics of the people who have visited the website, including the type of browser and operating system they are using. In some cases, the malware user can then launch an exploit that allows them to take over a single target’s computer.

Several Israeli companies, whose founders come from the intelligence and defence sectors, have developed technologies to hack and spy on mobile phones or computers.

In June, Quadream, another Tel Aviv-based company, was accused of selling a programme called Reign to Saudi authorities, which is capable of stealing data from phones and using them as tracking devices, without using covert links to enter the devices. The spyware Pegasus, developed by Israel’s largest surveillance company NSO Group, also uses zero-click technology and was sold to Saudi Arabia, among others.

The offensive cyber operations launched by these two major companies have been a major reason for the US taking the strict step of banning them. But will it be able to stop companies like NSO and Candiru from serving countries, given that their technology has been flowing through many offshoot companies registered globally?
