US blacklists four surveillance and hacking tools suppliers, including NSO

Israeli firm Candiru, Russian security vendor Positive Technologies and Computer Security Initiative Consultancy also sanctioned

The US government has blacklisted four spyware companies, including the notorious Israeli firm NSO, whose Pegasus software was implicated in the killing of Saudi journalist and dissident Jamal Khashoggi.

The other companies that have been placed on the Department of Commerce's Entity List are another Israeli firm Candiru, Russian security vendor Positive Technologies and Computer Security Initiative Consultancy which is based in Singapore.

"NSO Group and Candiru were added to the Entity List based on a determination that they developed and supplied spyware to foreign governments that used this tool to maliciously target government officials, journalists, businesspeople, activists, academics, and embassy workers," the Department of Commerce says in a statement.

Meanwhile, Positive Technologies and Computer Security Initiative Consultancy were found to be trafficking in "cyber tools used to gain unauthorised access to information systems, threatening the privacy and security of individuals and organisations worldwide".

NSO's Pegasus software has been sold to governments including Mexico, Saudi Arabia, the United Arab Emirates, India, Bahrain, Azerbaijan, Hungary, Kazakhstan, Morocco, and Rwanda. Forbidden Stories and Amnesty International say that Pegasus may have been used to snoop on more than 1,000 journalists, rights activists and other prominent individuals from about 50 countries. The software was found on the phones of people close to Khashoggi, who was killed on the orders of the Saudi government.

Candiru is a similar company that sells spyware exclusively to governments, including repressive regimes. According to Citizen Lab, its spyware can infect and monitor iPhones, Androids, Macs, PCs and cloud accounts. And an Investigation by Microsoft and Citizen Lab found that it had targeted more than "100 victims around the world including politicians, human rights activists, journalists, academics, embassy workers and political dissidents."

Positive Technologies has already been sanctioned by the US Treasury. In April the agency said that Positive Technologies "hosts large-scale conventions that are used as recruiting events" for the Russia's Federal Security Service (FSB) and Main Intelligence Directorate (GRU).

Meanwhile, Computer Security Initiative Consultancy is also accused of pedalling hacking tools and "engagement in activities counter to US national security".

The Entity List is a register of organisations with which US companies cannot trade without first obtaining a special licence. Recent additions to the entity list include Chinese tech companies Huawei, ZTE, China Electronics Technology Group Corp (CETC) and Semiconductor Manufacturing International Corporation Incorporated (SMIC).