Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSecurity NewswireCybersecurity News

US government blacklists four companies due to national security concerns

By Maria Henriquez
global-security-freepik5482y.jpg
November 5, 2021

The United States Government has added four foreign companies to the Entity List for engaging in activities contrary to the national security or foreign policy interests of the U.S. The U.S. Government has added four foreign companies to the Entity List for engaging in activities contrary to the national security or foreign policy interests of the United States. The four entities are Candiru, NSO Group, Computer Security Initiative Consultancy PTE (COSEINC) and Positive Technologies.


The Entity List is a tool used by the Department of Commerce Bureau of Industry and Security (BIS) to restrict the export, re-export and in-country transfer of items subject to the Export Administration Regulations (EAR) to persons — individuals, organizations and/or companies —  reasonably believed to be involved, have been involved, or pose a significant risk to being or becoming involved, in activities contrary to the national security or foreign policy interests of the United States.


The U.S. government is not taking action against countries or governments where these entities are located. This effort aims to improve citizens' digital security, combat cyber threats, and mitigate unlawful surveillance, the Department of State says.


Oliver Tavakoli, CTO at Vectra, a San Jose, Calif.-based AI cybersecurity company, says, "The murky business of supplying offensive cyber capabilities to governments across the world invariably leads these companies to make a judgment on what constitutes "appropriate use" of the technologies and whether their clients can be trusted to honor the spirit of constraints — often expressed in vague terms referring to "threats" and "security" — written into contracts. It's pretty clear that most governments ignore those constraints and do what they believe to be in the self-interest of the government and its current leader. However, the companies can then claim plausible deniability. These sanctions mostly represent a speed bump for these companies."


The update follows an October 2021 interim final rule published by the Department of Commerce establishing controls of certain items that can be used for malicious cyber activities; that rule implements decisions taken by the Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies.


According to the Department of State, NSO Group and Candiru were added to the Entity List "based on a determination that they developed and supplied spyware to foreign governments that used this tool to maliciously target government officials, journalists, business people, activists, academics, and embassy workers."


Positive Technologies and COSEINC were added to the Entity List based on a "determination that they misuse and traffic cyber tools that are used to gain unauthorized access to information systems in ways that are contrary to the national security or foreign policy of the United States, threatening the privacy and security of individuals and organizations worldwide."


Each of the additions to the Entity List is interesting in its own right; however, the most significant is almost certainly NSO Group, says Jake Williams, Co-Founder and CTO at BreachQuest, an Augusta, Georgia-based leader in incident response. "While NSO tried to spin its software as being used for legitimate purposes, it's clear that it has been used repeatedly to target journalists, activists, and government officials. It isn't just the targeting of these individuals that got NSO in hot water; it's that entities unfriendly to the U.S. used NSO tools to target friendly journalists, activists, etc. That's never a winning business plan."


The organizations COSEINC and Positive Technologies are perhaps more academically interesting, Williams says. "Both were added to the Entity List because they "misuse and traffic cyber tools that are used to gain unauthorized access to information systems in ways that are contrary to the national security or foreign policy of the United States, threatening the privacy and security of individuals and organizations worldwide." While Positive Technologies (a Russian company) isn't a surprise to see on this list, COSEINC (a Singapore company) is. COSEINC had largely flown under the public radar before today, though prior reporting from Joseph Cox of Motherboard/VICE identified the firm as a zero-day vendor in 2018. It appears likely that COSEINC was found to be selling exploits or collaborating with foreign intelligence organizations or cybercriminals to have gained such a designation on the Entity List."


 According to the Digital Shadows Photon Research Team, NSO Group's addition to the Entity List is likely to garner the most attention out of the four; the company was alleged to have been placed on the list because it had supplied spyware to foreign governments. "The statement alleges that NSO Group's spyware — likely referring to its "Pegasus" suite of exploits and tools — was used to target a range of individuals, including embassy workers, government officials, academics, and activists. The four entities were highly likely perceived to be operating against the United States national security interests and their position on global human rights. Being added to the Entity List is typically a punitive measure and often falls in line with pre-existing U.S. policy. Companies placed on the Entity List are subject to trading restrictions; being added to the list means they cannot purchase U.S. technology or goods without a license provided by the U.S. Department of Commerce. However, U.S. citizens are not barred from trading with organizations on the Entity List."

KEYWORDS: cyber security federal security national security risk management

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Maria Henriquez is a former Associate Editor of Security. She covered topics including cybersecurity and physical security, risk management and more.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Security Enterprise Services
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Cybersecurity
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    New Security Technology
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Pills spilled

More than 20,000 sensitive medical records exposed

Laptop in darkness

Verizon 2025 Data Breach Investigations Report shows rise in cyberattacks

Coding on screen

Research reveals mass scanning and exploitation campaigns

White post office truck

Department of Labor Sues USPS Over Texas Whistleblower Termination

Computer with binary code hovering nearby

Cyberattacks Targeting US Increased by 136%

2025 Security Benchmark banner

Events

May 22, 2025

Proactive Crisis Communication

Crisis doesn't wait for the right time - it strikes when least expected. Is your team prepared to communicate clearly and effectively when it matters most?

September 29, 2025

Global Security Exchange (GSX)

 

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • voting election

    How $377 million will be lost due to ad fraud in the 2020 US campaign

    See More
  • ADS-B Exchange-ukraine.jpg

    Evacuation efforts underway in Ukraine due to safety & security concerns

    See More
  • cybersecurity-laptop

    NSA outlines requirements for secure collaboration services for US government telework

    See More

Related Products

See More Products
  • databasehacker

    The Database Hacker's Handboo

See More Products

Events

View AllSubmit An Event
  • March 6, 2025

    Why Mobile Device Response is Key to Managing Data Risk

    ON DEMAND: Most organizations and their associating operations have the response and investigation of computers, cloud resources, and other endpoint technologies under lock and key. 
View AllSubmit An Event
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing