Cyberwarfare / Nation-State Attacks , Endpoint Detection & Response (EDR) , Endpoint Protection Platforms (EPP)

Seeking a Buyer, NSO Group Announces Fresh CEO Plus Layoffs

Complication: Beleaguered Spyware Vendor Remains Blacklisted by US Government
Seeking a Buyer, NSO Group Announces Fresh CEO Plus Layoffs

Beleaguered spyware vendor NSO Group is attempting to reboot its corporate image by pledging to only sell its wares to NATO member countries.

See Also: OnDemand | Digital Doppelgängers: The Dual Faces of Deepfake Technology

As part of that strategy, the Tel Aviv, Israel-based company on Sunday announced that CEO Shalev Hulio will step down and continue efforts to find a buyer for the firm. Yaron Shohat, the chief operating officer, will become interim CEO.

The surveillance software maker is laying off about 100 employees, or 13% of its workforce, a source tells The Times of Israel.

The move comes as NSO Group continues to face widespread criticism for allowing its software to be used in inappropriate ways, including to target politicians, journalists and dissidents.

NSO Group says that the company's leadership will review "all aspects of its business, including streamlining its operations to ensure NSO remains one of the world's leading high-tech cyber intelligence companies, focusing on NATO-member countries."

NATO's current membership numbers 30 countries, including France, the United Kingdom and the United States.

Of those latter three countries alone, researchers have found Pegasus infections targeting the governments of the U.S. and U.K., while French President Emmanuel Macron's name appeared on an alleged Pegasus targeting list published last year.

NSO Group has long said it sells its products "solely to law enforcement and intelligence agencies of vetted governments for the sole purpose of saving lives through preventing crime and terror acts." The company does not publicly disclose its client list, but its products are reportedly used by law enforcement and intelligence agencies across about 45 countries.

Researchers Warn of Pegasus Targets

But multiple privacy and security researchers, including the team at the University of Toronto's Citizen Lab, continue to report on real-world use of Pegasus by autocratic regimes to target journalists, lawyers, human rights advocates and others.

Appearing before Congress last month, Citizen Lab senior researcher John Scott-Railton testified that "the most notorious mercenary spyware currently available is NSO Group's Pegasus, although there are many others." He warned that the use of such software had been used "in politics, elections and human rights abuses" (see: Tech Alone Won't Defeat Advanced Spyware, US Congress Told).

Examples abound, including "evidence of Pegasus infections on the phones of activists and opposition politicians in Thailand," he testified. "Earlier this spring, we confirmed the targeting and hacking of Catalan politicians, including Members of the European Parliament. Before that? Journalists in El Salvador, Polish opposition politicians, and Christian religious leaders in Africa - just to cite a few examples from recent years."

Calls Continue to Ban Modern Spyware

Attempts to rehabilitate NSO Group's image look set to face an uphill battle.

In February, the EU's privacy watchdog in February called for a ban on "modern spyware" such as Pegasus, saying it poses "unprecedented risks and damages" to individuals' rights and freedoms of individuals, to democracy, and to the rule of law.

Technology giants Facebook and Apple are both suing NSO Group for its alleged use of zero-day vulnerabilities to target users of their products.

Last November, the Biden administration blacklisted both NSO Group and Candiru, after finding they'd allegedly supplied spyware to foreign governments which was used to target officials, journalists, activists, academics, embassy workers and others.

At the time, the U.S. Department of Commerce added both firms to a list of entities blocked from purchasing any U.S. technology without a license, for their having allegedly engaged in activities "contrary to the national security or foreign policy interests of the U.S."

Since then, ProPublica reports that NSO Group has been funding a massive public relations campaign to convince the U.S. government to overturn the blacklisting.

The Israeli government has historically backed NSO Group. But after reports emerged in February that Israeli police had used Pegasus to track not only protestors and journalists but also the son of a former prime minister, lawmakers began probing the firm's practices. Ultimately, Israel's justice ministry cleared the police, noting they had been acting with a court order.

Ongoing Efforts to Find a Buyer

NSO Group had already been seeking potential buyers. In the meantime, it remains at risk of defaulting on debt that Moody's last November estimated to be $500 million, The Wall Street Journal reports.

Last month, U.S. defense contractor L3Harris Tech was in negotiations to purchase the firm, according to a joint news report from the Guardian, the Washington Post and Haaretz, after Intelligence Online first reported the news.

The Biden administration signaled it was not in favor of any such move. "Such a transaction, if it were to take place, raises serious counterintelligence and security concerns for the U.S. government," a senior White House official said at the time. Officials also noted that even if NSO Group was acquired by a cleared U.S. defense contractor, that would not necessarily result in its removal them from the blocklist.

After the acquisition talks became public, L3Harris Tech ceased discussions with NSO Group.

About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.