Offensive Security Private Companies Inventory
This is a collection of any publicly known private companies who have been involved in nation-state offensive cyber operations. Most of them have been involved by providing capabilities such as software implants and intrusion sets (e.g. 0day exploits, exploitation frameworks, security bypassing techniques, communications interception products, etc.) If you noticed any private company that is publicly known for such activities and is not listed below, please let me know to update it accordingly.
Disclaimer: This is not about leaking any sensitive or confidential information, just aggregating what is already publicly available for this space. This is why all entries have an OSINT reference that already mentions this private entity as involved with this business. Also, the reason why you will not see any of the dozens of private companies that aren’t publicly known listed here.
A ChangeLog is available at the end of this page. The entries are listed in alphabetic order (based on the company’s name).
Last update: 22 June 2022
Name | Country | Founded | Status | OSINT Reference |
Ability | Israel | – | – | WikiLeaks |
Accuvant | USA | 2002 | Merged (with Optiv) | TechnologyReview |
AFB Systems | UAE | 2021 | Active | IntelligenceOne |
Aliada Group Inc. | Israel | 2017 | Active | CitizenLab |
Amesys | France | 2008 | Ceased (succeeded by Nexa Tech) | WikiLeaks |
Anomaly Six | USA | 2018 | Active | The Intercept |
Arcanum Global | UK | 2006 | Active | EFF |
AREA Intelligence Mindset | Italy | 1996 | Active | |
Argeniss | Argentina | 2005 | Acquired by IOActive | ZDNet |
Azimuth Security | Australia | 2010 | Acquired by L3 | Vice, Motherboard |
Balinese Ltd. | Israel | 2019 | Active | CitizenLab |
BellTroX InfoTech Services | India | 2011 | Active | Reuters |
Birmingham Cyber Arms | UK | 2019 | Ceased | Wikipedia |
bitCorp | Italy | 2018 | Active | IntelligenceOnline |
Black Cube | Israel | 2010 | Active | Reuters |
Bluehawk CI Group | Israel | 2020 | Active | Reuters |
Boldend | USA | 2017 | Active | IntelligenceOnline |
Cambridge Consultants | UK | 1960 | Active | WikiLeaks |
Candiru | Israel | 2014 | Ceased (succeeded by DF Associates Ltd.) | Wikipedia |
Cellebrite | Israel | 1999 | Active | Wikipedia |
Circles | Israel | 2008 | Merged (with NSO Group) | CitizenLab |
ClearTrail | India | 2001 | Active | WikiLeaks |
Cobwebs Technologies | USA | 2015 | Active | Reuters |
COSEINC | Singapore | 2004 | Active | U.S. DoC |
Cognyte | Israel | 2021 | Active | |
Crowdfense | UAE | 2017 | Active | WIRED |
CY4GATE | Italy | 2014 | Active | |
Cyber Intelligence, S.L. | Spain | 2020 | Active | EX Files |
CyberOne Group | Vietnam | 2014 | Ceased | Reuters |
CyberPoint | USA | 2015 | Active | Wikipedia |
Cytrox EMEA Ltd. | Israel | 2017 | Ceased (succeeded by Balinese Ltd.) | CitizenLab |
Cytrox Holdings Zrt | Hungary | 2017 | Active | CitizenLab |
Cytrox Software Ltd. | Israel | 2017 | Ceased (succeeded by Peterbald Ltd.) | CitizenLab |
DarkMatter Group | UAE | 2014 | Active | Wikipedia |
Dataflow Security | Italy | 2019 | Active | Forbes |
DEFENTEK | Panama | 2010 | Active | 31c3 |
Deveryware | France | 2003 | Active | |
DF Associates Ltd. | Israel | 2017 | Ceased (succeeded by Grindavik) | CitizenLab |
Dialogic | USA | 2008 | Active | WikiLeaks |
Digital Clues | Switzerland | 2010 | Acquired by Cellebrite | IntelligenceOnline |
Digital14 | UAE | 2020 | Active | IntelligenceOnline |
DigiTask | Germany | – | Unknown | WikiLeaks |
Dreamlab Technologies AG | Switzerland | 1997 | Active | WikiLeaks |
DUASYNT | Australia | 2021 | Active | IntelligenceOnline |
Eitanium | Cyprus | 2021 | Active | IntelligenceOnline |
Elaman | Germany | – | Active | Privacy Intl. |
ELTA Systems Ltd. | Israel | 1967 | Active | WikiLeaks |
Emen Net Pasargad | Iran | – | Active | Treadstone 71 |
Endgame Systems | USA | 2008 | Active | Krebs on Security |
Equus Technologies | Israel | 2015 | Ceased | WIRED |
Ercom | France | 1986 | Acquired by Thales | IntelligenceOnline |
Exodus Intelligence | USA | 2012 | Active | TechDirt |
ExploitHub | USA | 2010 | Active | FastCompany |
Fox-IT | Netherlands | 1999 | Acquired by NCC | WikiLeaks |
Gamma Group | Germany | 1990 | Active | Wikipedia |
GLEG | USA | 2003 | Active | ISE.io |
Glimmerglass Networks | USA | 2000 | Active | WikiLeaks |
Go Root | Germany | 2017 | Ceased | MarketResearchTelecast |
GRIMM | USA | 2013 | Active | GRIMM careers |
Grindavik Solutions | Israel | 2018 | Ceased (succeeded by Taveta Ltd.) | CitizenLab |
Grugq | Thailand | – | Ceased | WIRED |
Hacking Team | Italy | 2003 | Ceased (succeeded by Memento Labs) | Wikipedia |
iDefense | USA | 1998 | Ceased | Krebs on Security |
Incredity Intel | Germany | 2019 | Active | IntelligenceOnline |
Innefu Labs Pvt. Ltd | India | 2010 | Active | Amnesty |
InformInvestGroup CJSC | Russia | 2017 | Active | ZDNet |
IPS Intelligence | Italy | 2000 | Active | WikiLeaks |
INFRA (Intelligence Framework) | USA | 2016 | Active | EinPresWire |
Intellexa | Israel | 2019 | Active | |
JENOVICE Cyber Labs | Israel | 2012 | Active | |
Jimmy Sabien | USA | – | Unknown | WIRED |
Kudu Dynamics LLC | USA | 2013 | Active | WIRED |
Kyrus Tech | USA | 2009 | Active | |
Lambercy Ltd. | Cyprus | 2017 | Active | IntelligenceOnline |
L3 Harris Trenchant | USA | 2018 | Active | |
Lench IT Solutions (FinFisher) | UK | 1990 | Active | Wikipedia |
Linchpin Labs | Canada | 2007 | Acquired by L3 | Crunchbase |
ManTech International | USA | 1968 | Active | Vice, Motherboard |
Memento Labs | Italy | 2019 | Active | Vice, Motherboard |
Mollitiam Industries | Spain | 2018 | Active | WIRED |
negg | Italy | 2013 | Active | WIRED |
Netragard, Inc | USA | 2006 | Active | LIFARS |
NetSage | USA | 2006 | Active | |
Nexa Technologies | France | 2012 | Active | TechReview |
NICE | Israel | 1986 | Active | WikiLeaks |
NSO Group | Israel | 2010 | Active | Wikipedia |
NVWA Project | China | 2019 | Active (former Seabug) | Official website |
ODT (Oday) LLC | Russia | – | Unknown | ZDNet |
Optiv | USA | 2013 | Active | TechReview |
Passitora Ltd. | Cyprus | 2020 | Active | CitizenLab |
Paragon | USA | 2016 | Active | Schneier.com |
PenLink | USA | 1986 | Active | Forbes |
Peterbald Ltd. | Israel | 2019 | Active | CitizenLab |
Pwnzen Infotech | China | 2014 | Active | IntelligenceOnline |
PICSIX | Israel | 2011 | Active | Israeli MoD |
PixiePoint | Singapore | 2019 | Active (Exodus partner) | Website |
Positive Technologies (PT) | Russia | 2002 | Active | U.S. DoC |
QuaDream | Israel | 2016 | Active | Reuters |
Quantum Research Institute | Russia | – | Unknown | BBC |
Q-Recon | Israel | 2018 | Ceased | Black Hat USA |
Rayzone Group | Israel | 2009 | Active | |
RCS S.p.A. | Italy | 1993 | Active | |
ReVuln | Malta | 2012 | Active | Krebs on Security |
Riscure BV | Netherlands | 2001 | Active | EX Files |
Roke Manor Research | UK | 1956 | Active | WikiLeaks |
Root9b | USA | 2011 | Ceased (acquired by Deloitte) | Gazette |
Saito Tech Ltd. | Israel | 2020 | Active | CitizenLab |
Seabug | China | 2006 | Unknown (started NVWA) | Seabug post |
Secfense | India | 2018 | Active | IntelligenceOnline |
Suneris | France | 2017 | Acquired by Thales | Wikipedia |
Synacktiv | France | 2012 | Active | EX Files |
Syndis | Iceland | 2013 | Active | DarkReading |
SyTech | Russia | – | – | ZDNet |
Taveta Ltd. | Israel | 2019 | Ceased (succeeded by Saito Tech Ltd.) | CitizenLab |
Technikon Forschungs | Austria | 2019 | Active | EX Files |
Texplained | France | 2015 | Active | EX Files |
Thales Group | France | 2000 | Active | IntelligenceOnline |
Toka | Israel | 2018 | Active | MPN News |
trovicor Intelligence | UAE | 2009 | Active | |
TRUEL IT | Italy | 2015 | Active | IntelligenceOnline |
Variston IT | Spain | 2018 | Active | IntelligenceOnline |
VASTech SA Pty Ltd. | S. Africa | 1999 | Active | TheIntercept |
VBI (vulnbroker[.]com) | USA | – | Unknown | WikiLeaks |
Verint | Israel | 1994 | Ceased (succeeded by Cognyte) | Israeli MoD |
Vitaliy “tovis” Toropov | Russia | – | Unknown | ArsTechnica |
Vupen | France | 2004 | Ceased (succeeded by Zerodium) | Wikipedia |
Wintego | Israel | 2012 | Active | Forbes |
WiSpear | Cyprus | 2013 | Ceased (succeeded by Passitora Ltd.) | CyberScoop |
xen1thLabs | UAE | 2019 | Merged with Digital14 | |
Zero Security Research Lab | USA | 2020 | Active | |
Zerodium | USA | 2015 | Active | Wikipedia |
Zeronomicom | Italy | 2016 | Active | LIFARS |
ZeroDay Technology | USA | – | Active | LIFARS |
ChangeLog
- 22 Jun. 2022: Added “Toka” (credits: @mrkoot)
- 23 Apr. 2022: Added “Anomaly Six” (also known as A6)
- 24 Mar. 2022: Added “bitCorp”
- 26 Feb. 2021: Added “PenLink”
- 03 Feb. 2021: Added “QuaDream”
- 17 Dec. 2021: Added “Aliada Group Inc.”
- 17 Dec. 2021: Added “Passitora Ltd.”
- 17 Dec. 2021: Added “Bluehawk CI Group”
- 17 Dec. 2021: Added “BellTroX InfoTech Services”
- 17 Dec. 2021: Added “Cobwebs Technologies”
- 17 Dec. 2021: Added “Black Cube”
- 17 Dec. 2021: Added “Peterbald Ltd”
- 17 Dec. 2021: Added “Balinese Ltd.”
- 17 Dec. 2021: Added “Cytrox”
- 14 Dec. 2021: Added “DEFENTEK”
- 04 Dec. 2021: Updated “Fox-IT” 2015 acquisition [link] (credits: Ilja van Sprundel)
- 04 Dec. 2021: Added “Vastech”
- 22 Nov. 2021: Added “AFB Systems”
- 22 Nov. 2021: Added “INFRA (Intelligence Framework)”
- 22 Nov. 2021: Added “Eitanium”
- 19 Nov. 2021: Added “Negg”
- 18 Nov. 2021: Added “NVWA Project” (credits: @08Tc3wBB)
- 18 Nov. 2021: Added “Seabug” (credits: @08Tc3wBB)
- 15 Nov. 2021: Added “Pwnzen Infotech”
- 15 Nov. 2021: Added “Nexa Technologies”
- 15 Nov. 2021: Added “Dataflow Security” (credits: @08Tc3wBB)
- 12 Nov. 2021: Added “COSEINC” (credits: @08Tc3wBB)
- 12 Nov. 2021: Updated “Argeniss” as acquired by IOActive in 2011 (see CBInsights)
- 11 Nov. 2021: Added “NetSage”
- 11 Nov. 2021: Added “Boldend” (credits: @slaeryan)
- 11 Nov. 2021: Added “Kudu Dynamics LLC” (credits: @slaeryan)
- 11 Nov. 2021: Added “Optiv”
- 11 Nov. 2021: Added “Accuvant”
- 04 Nov. 2021: Added “Positive Technologies (PT Security)”
- 26 Oct. 2021: Added “Verint”
- 26 Oct. 2021: Added “Rayzone Group”
- 26 Oct. 2021: Added “Suneris”
- 26 Oct. 2021: Added “PICSIX”
- 26 Oct. 2021: Added “Ercom”
- 26 Oct. 2021: Added “Thales Group”
- 26 Oct. 2021: Added “Intellexa”
- 26 Oct. 2021: Added “AREA Intelligence Mindset”
- 26 Oct. 2021: Added “trovicor Intelligence”
- 26 Oct. 2021: Added “Cognyte”
- 26 Oct. 2021: Added “Deveryware”
- 26 Oct. 2021: Added “JENOVICE Cyber Labs”
- 26 Oct. 2021: Added “Wintego”
- 26 Oct. 2021: Added “CY4GATE”
- 26 Oct. 2021: Added “Mollitiam”
- 26 Oct. 2021: Added “Secfense”
- 26 Oct. 2021: Added “Zero Security Research Lab”
- 26 Oct. 2021: Added “DUASYNT”
- 26 Oct. 2021: Added “TRUEL IT”
- 26 Oct. 2021: Added “Variston”
- 26 Oct. 2021: Added “Lambercy Ltd.”
- 26 Oct. 2021: Added “Digital Clues”
- 26 Oct. 2021: Added “Digital14”
- 26 Oct. 2021: Added “xen1thLabs”
- 24 Oct. 2021: Added “Argeniss”
- 24 Oct. 2021: Added “GLEG”
- 24 Oct. 2021: Added “Vitaliy Toropov”
- 24 Oct. 2021: Added “ExploitHub”
- 24 Oct. 2021: Added “VBI (vulnbroker[.]com)” (credits: izabovmi)
- 23 Oct. 2021: Added “Arcanum Global”
- 22 Oct. 2021: Added “GRIMM”
- 22 Oct. 2021: Added “Texplained”
- 22 Oct. 2021: Added “Riscure BV”
- 22 Oct. 2021: Added “Cyber Intelligence, S.L.”
- 22 Oct. 2021: Added “Technikon Forschungs”
- 22 Oct. 2021: Added “Synacktiv”
- 22 Oct. 2021: Added “PixiePoint”
- 21 Oct. 2021: Added “Linchpin Labs”
- 21 Oct. 2021: Added “Trenchant”
- 18 Oct. 2021: Added “Root9b”
- 18 Oct. 2021: Added “ManTech”
- 18 Oct. 2021: Added “Syndis”
- 18 Oct. 2021: Added “Incredity Intel”
- 18 Oct. 2021: Added “Kyrus Tech”
- 17 Oct. 2021: Added the “Disclaimer” to avoid misconceptions
- 17 Oct. 2021: Added “Azimuth Security”
- 17 Oct. 2021: Marked “Birmingham Cyber Arms” as Ceased (credits: @_darrenmartyn)
- 17 Oct. 2021: Added “Go Root”
- 17 Oct. 2021: Marked “Grugq” as Ceased (credits: @cynicalsecurity)
- 17 Oct. 2021: Initial release.