On Wednesday, the 3rd of November, the U.S. Bureau of Industry and Security has released a Final Rule adding two Israeli, one Russian, and one Singapore company to the Entity List for malicious cyber activities.
The decision was taken by the End-User Review Committee (ERC), composed of representatives of the Departments of Commerce (Chair), State, Defense, Energy and the Treasury (where appropriate). The list now includes the following companies: · NSO Group (Israel); · Candiru (Israel); · Positive Technologies (Russia); · Computer Security Initiative Consultancy PTE. LTD. (Singapore).
As per the investigative information provided by the Committee, the Israeli companies NSO Group and Candiru ‘developed and supplied spyware to foreign governments that used this tool to maliciously target government officials, journalists, businesspeople, activists, academics, and embassy workers.’ Positive Technologies and Computer Security Initiative Consultancy PTE. LTD., were added to the list as their ‘traffic in cyber exploits used to gain access to information systems, was threatening the privacy and security of individuals and organizations worldwide.’ The Entity List aims to restrict the export, reexport, and in-country transfer of items subject to the United States Export Administration Regulations for entities for which there is reasonable cause to believe, based on specific and articulable facts, that the entities have been involved, are involved, or pose a significant risk of being or becoming involved in activities contrary to the national security or foreign policy interests of the United States. Source: U.S. Department of Commerce