US sanctions NSO Group over Pegasus spyware

The Commerce Department adds the Israeli cybersecurity firm to its Entity List, which limits its ability to use American tech.

Carrie Mihalcik Former Managing Editor / News

Carrie was a managing editor at CNET focused on breaking and trending news. She'd been reporting and editing for more than a decade, including at the National Journal and Current TV. Carrie has lived on both coasts and can definitively say that Chesapeake Bay blue crabs are the best.

Expertise Breaking News | Technology Credentials

Carrie has lived on both coasts and can definitively say that Chesapeake Bay blue crabs are the best.

See full bio

Carrie Mihalcik

Nov. 3, 2021 10:21 a.m. PT

2 min read

eyes-surveillance-security — Angela Lang/CNET

The US Commerce Department on Wednesday announced restrictions on the NSO Group, the Israel-based cybersecurity firm behind the Pegasus spyware that was uncovered on the phones of activists, journalists and executives earlier this year.

The NSO Group was added to the Entity List, which limits its ability to use American tech, based on evidence that the firm "developed and supplied spyware to foreign governments that used these tools to maliciously target government officials, journalists, businesspeople, activists, academics, and embassy workers," the Commerce Department said in a release. The agency added that NSO Group tools have also helped foreign governments "conduct transnational repression," threatening international order.

The spotlight hit the NSO Group in September after Apple released security updates for its iPhones, iPads, Apple Watches and Mac computers to close a vulnerability reportedly exploited by the invasive Pegasus spyware. The security fix stemmed from research done by a public interest cybersecurity group called Citizen Lab, which found a Saudi activist's phone had been infected with Pegasus. In July, researchers found evidence of attempted or successful installations of Pegasus on 37 phones of activists, journalists and business executives.

The NSO Group, which licenses surveillance software to government agencies, says its Pegasus software helps authorities combat criminals and terrorists who take advantage of encryption technology to go dark.

On Wednesday, the NSO Group said it was dismayed by the decision and will advocate for the action to be reversed.

"We look forward to presenting the full information regarding how we have the world's most rigorous compliance and human rights programs that are based the American values we deeply share, which already resulted in multiple terminations of contacts with government agencies that misused our products," said a NSO spokesperson.

The Commerce Department said the move was part of the Biden administration's efforts to "put human rights at the center of US foreign policy, including by working to stem the proliferation of digital tools used for repression."