The US has blacklisted Pegasus spyware maker NSO Group, saying that the Israeli company “developed and supplied spyware to foreign governments that used this tool to maliciously target government officials, journalists, businesspeople, activists, academics, and embassy workers.”
The Biden administration’s Commerce Department today announced a final rule that adds NSO Group and three other foreign companies to the Entity List “for engaging in activities that are contrary to the national security or foreign policy interests of the United States.” The other three companies are Israel-based Candiru, Russia-based Positive Technologies, and Singapore-based Computer Security Initiative Consultancy. Exports and transfers of their products will be restricted.
As we explained in a previous article, “Pegasus is frequently installed through ‘zero-click’ exploits, such as those sent by text messages, which require no interaction from victims.” Pegasus can jailbreak or root an iPhone or Android phone and make copies of call histories, text messages, calendar entries, and contacts. Pegasus can also activate cameras and microphones to eavesdrop, track a target’s movements, “and steal messages from end-to-end encrypted chat apps.”