The U.S. Bureau of Occupational Safety and Security (BIS) announced on November 3 (local time) that it has blacklisted four companies that develop and sell spyware and other hacking tools and severely restrict deployments in the country.
Target companies include NSO Group, an Israeli company that develops Pegasus, a surveillance software for smartphones, Candiru, an Israeli company that develops malware targeting Windows zero-day vulnerabilities (DevilsTongue), and Intel CPU There are four companies: Positive Technologies, a Russian company that has a track record of uncovering vulnerabilities in Intel’s Management Engine (ME), and Computer Security Initiative Consultancy (CSIS), a Singaporean security company.
BIS regulations require US companies and institutions to acquire special licenses from BIS when purchasing tools from these four companies. BIS accused the four companies of developing and delivering maliciously targeted spyware to foreign governments, saying they were engaged in activities contrary to US national security or foreign policy interests. The BIS also said the move was part of US foreign policy efforts, including efforts to stem the proliferation of digital tools used for hacking.
The NSO Group is disappointed with this decision and should reverse this decision, given that its technology supports U.S. national security interests and policies in preventing terrorism or crime. “We have a deep understanding of the world’s most stringent compliance and human rights programs based on American values and look forward to providing complete information on how these decisions are being made,” he said. Related information can be found here.