US Adds Foreign Companies to List for Malicious Cyber Activities

Washington, DC (STL.NewsThe US Department of State released the following statement:

Today, the U.S. Government added four foreign companies to the Entity List for engaging in activities contrary to the national security or foreign policy interests of the United States.  The four entities are Candiru, NSO Group, Computer Security Initiative Consultancy PTE (COSEINC), and Positive Technologies.

We are not taking action against countries or governments where these entities are located.

These additions follow an October 2021 interim final rule published by the Department of Commerce establishing controls of certain items that can be used for malicious cyber activities; that rule implements decisions taken by the Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies.

NSO Group and Candiru were added to the Entity List based on a determination that they developed and supplied spyware to foreign governments that used this tool to maliciously target government officials, journalists, businesspeople, activists, academics, and embassy workers.

Positive Technologies and COSEINC were added to the Entity List based on a determination that they misuse and traffic cyber tools that are used to gain unauthorized access to information systems in ways that are contrary to the national security or foreign policy of the United States, threatening the privacy and security of individuals and organizations worldwide.

As part of its commitment to put human rights at the center of U.S. foreign policy, the Biden-Harris Administration is working to stop the proliferation and misuse of digital tools used for repression.  This effort is aimed at improving citizens’ digital security, combating cyber threats, and mitigating unlawful surveillance.

The Entity List is a tool used by the Department of Commerce Bureau of Industry and Security (BIS) to restrict the export, re-export, and in-country transfer of items subject to the Export Administration Regulations (EAR) to persons – individuals, organizations, and/or companies – reasonably believed to be involved, have been involved, or pose a significant risk to being or becoming involved, in activities contrary to the national security or foreign policy interests of the United States.