In short: The US Department of Commerce announced this week that it is sanctioning four groups for their role in espionage and other malicious attacks against people like journalists and Internet scientists. These include the controversial NSO Group and three other organizations from Israel, Russia and Singapore.
The Commerce Department’s Bureau of Industry and Security (BIS) is updating its list of sanctioned entities with a document that it plans to publish in full on Thursday, but for now visible to PDF now. It argues that all four groups engage in activities “contrary to the interests of national security or the foreign policy of the United States.”
The most famous of these is the Israeli NSO Group. The BIS document specifically points to the development of spyware, which it then supplied to governments to target people such as journalists, scientists, embassy officials and activists. The document mentions the Israeli group Candiru along with NSO in these accusations.
Last year, it was reported that the NSO is creating spyware to track the spread of the coronavirus. However, in September of this year, Apple had to release a security update for all of its operating systems to fix an exploit that NSO software has used since February to spy on people. NSO’s “Pegasus” spyware, a “zero-click exploit”, could infiltrate an Apple device by simply sending text without any action by the device user. He can access things on the iPhone like camera, microphone, or device settings.
The BIS document also mentions the Russian group Positive Technologies and the Singapore group Computer Security Initiative Consultancy PTE. LTD., As organizations that use cyber traffic. In 2017, Positive Technologies discovered a serious security hole that affected Intel processors. US Treasury previously sanctioned Positive Technologies for allegedly assisting the Russian special services in carrying out cyber attacks against the United States.
This means that a license from the End User Verification Committee will be required to export or transfer domestically items belonging to these organizations. These licenses for sanctioned entities are subject to “presumption of denial,” so they will automatically be denied except in special circumstances.
The US Department of Commerce recently banned the sale of hacking software to governments of “countries of concern.”