{
	"id": "8fedf28a-c0b0-4718-bf3b-dabf190169cd",
	"created_at": "2026-04-06T00:08:31.548359Z",
	"updated_at": "2026-04-10T13:13:10.640772Z",
	"deleted_at": null,
	"sha1_hash": "d2ed384634a71037599c31e1d9295a5aaf49afe4",
	"title": "US sanctions four companies selling hacking tools, including NSO Group \u0026 Candiru",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 137747,
	"plain_text": "US sanctions four companies selling hacking tools, including NSO\r\nGroup \u0026 Candiru\r\nBy Catalin Cimpanu\r\nPublished: 2022-12-18 · Archived: 2026-04-05 13:08:07 UTC\r\nThe US government has sanctioned today four companies that develop and sell spyware and other hacking tools,\r\nthe US Department of Commerce announced today.\r\nThe four companies include Israel's NSO Group and Candiru, Russian security firm Positive Technologies, and\r\nSingapore-based Computer Security Initiative Consultancy.\r\nUS officials said the four companies engaged in \"activities that are contrary to the national security or foreign\r\npolicy interests of the United States.\"\r\nCommerce officials said NSO Group and Candiru \"developed and supplied spyware to foreign governments that\r\nused these tools to maliciously target government officials, journalists, businesspeople, activists, academics, and\r\nembassy workers.\"\r\nThe US said these tools were abused by foreign governments to conduct trans-national repression of dissidents,\r\njournalists, and activists outside of those governments' sovereign borders.\r\nSimilarly, Positive Technologies and CSIC were accused of creating and selling \"cyber tools\" that were later used\r\nto hack individuals and organizations worldwide.\r\nhttps://therecord.media/us-sanctions-four-companies-selling-hacking-tools-including-nso-group-candiru/\r\nPage 1 of 4\n\nThe four companies, including their aliases (detailed in the table above), were added to a list of entities engaging\r\nin malicious cyber activities that is currently maintained by the Commerce Department's Bureau of Industry and\r\nSecurity (BIS).\r\nUS companies and agencies must obtain a special license from BIS before buying, exporting, or transferring any\r\ncyber tools developed by the four companies. Commerce officials said that all applicants should expect a\r\n\"presumption of denial\" when applying for this license.\r\nThe sanctions today will make it harder for any of these companies to work with US individuals and contractors,\r\nlimiting the four's ability to work with US-based partners.\r\n\"Today's action is a part of the Biden-Harris Administration's efforts to put human rights at the center of US\r\nforeign policy, including by working to stem the proliferation of digital tools used for repression,\" the Department\r\nof Commerce said in a press release today, announcing its decision.\r\nhttps://therecord.media/us-sanctions-four-companies-selling-hacking-tools-including-nso-group-candiru/\r\nPage 2 of 4\n\nThe Department of Commerce did not reveal the finer points and evidence it used to sanction the four companies,\r\nbut for three of the four sanctioned companies, there's been some public reporting of how their hacking tools have\r\nbeen abused over the past few years:\r\nNSO Group developed the Pegasus hacking platform, which the company rents to foreign governments.\r\nPegasus abuses have been very well documented across the years.\r\nCandiru was recently exposed in reports by Microsoft and Citizen Lab as the creators of the DevilsEye\r\nWindows spyware. The company’s hack-for-hire offerings have been known for years, and the company is\r\nalso believed to have also developed and sold zero-day exploits for Chrome, Internet Explorer, and\r\nWindows.\r\nPositive Technologies has been accused of having developed and sold exploits to Russian intelligence\r\nagencies. The company was already under US Treasury sanctions since April this year.\r\nFewer details are available about Singapore-based CSIC, but the company is known for running an exploit\r\nacquisition program named Pwn0rama. There is currently no public reporting linking exploits bought via this\r\nprogram to known attacks, however, sources familiar with the exploit brokerage market have told The Record that\r\nthe company has close ties to the Chinese market.\r\nThe Record has sent requests for comment on today's sanctions to Positive Technologies, CSIC, and NSO Group.\r\nNo contact details were available for Candiru. The NSO Group has provided the following statement:\r\nNSO Group is dismayed by the decision given that our technologies support US national security\r\ninterests and policies by preventing terrorism and crime, and thus we will advocate for this decision to\r\nbe reversed.\r\nWe look forward to presenting the full information regarding how we have the world’s most rigorous\r\ncompliance and human rights programs that are based the American values we deeply share, which\r\nalready resulted in multiple terminations of contacts with government agencies that misused our\r\nproducts.\r\nNSO spokesperson\r\nArticle updated with NSO Group statement.\r\nGet more insights with the\r\nRecorded Future\r\nIntelligence Cloud.\r\nLearn more.\r\nhttps://therecord.media/us-sanctions-four-companies-selling-hacking-tools-including-nso-group-candiru/\r\nPage 3 of 4\n\nNo previous article\r\nNo new articles\r\nCatalin Cimpanu\r\nis a cybersecurity reporter who previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement\r\nactions against hackers.\r\nSource: https://therecord.media/us-sanctions-four-companies-selling-hacking-tools-including-nso-group-candiru/\r\nhttps://therecord.media/us-sanctions-four-companies-selling-hacking-tools-including-nso-group-candiru/\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://therecord.media/us-sanctions-four-companies-selling-hacking-tools-including-nso-group-candiru/"
	],
	"report_names": [
		"us-sanctions-four-companies-selling-hacking-tools-including-nso-group-candiru"
	],
	"threat_actors": [
		{
			"id": "38f8da87-b4ba-474b-83e6-5b04d8fb384b",
			"created_at": "2024-02-02T02:00:04.032871Z",
			"updated_at": "2026-04-10T02:00:03.532955Z",
			"deleted_at": null,
			"main_name": "Caramel Tsunami",
			"aliases": [
				"SOURGUM",
				"Candiru"
			],
			"source_name": "MISPGALAXY:Caramel Tsunami",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775434111,
	"ts_updated_at": 1775826790,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/d2ed384634a71037599c31e1d9295a5aaf49afe4.pdf",
		"text": "https://archive.orkl.eu/d2ed384634a71037599c31e1d9295a5aaf49afe4.txt",
		"img": "https://archive.orkl.eu/d2ed384634a71037599c31e1d9295a5aaf49afe4.jpg"
	}
}