Offensive Security Private Companies Inventory
This is a collection of any publicly known private companies who have been involved in nation-state offensive cyber operations. Most of them have been involved by providing capabilities such as software implants and intrusion sets (e.g. 0day exploits, exploitation frameworks, security bypassing techniques, communications interception products, etc.) If you noticed any private company that is publicly known for such activities and is not listed below, please let me know to update it accordingly.
Disclaimer: This is not about leaking any sensitive or confidential information, just aggregating what is already publicly available for this space. This is why all entries have an OSINT reference that already mentions this private entity as involved with this business. Also, the reason why you will not see any of the dozens of private companies that aren’t publicly known listed here.
A ChangeLog is available at the end of this page. The entries are listed in alphabetic order (based on the company’s name).
Last update: 18 February 2023
Name | Country | Founded | Status | OSINT Reference |
Ability | Israel | – | – | WikiLeaks |
ACE Labs | Israel | 2016 | Active | Calcalist |
Accuvant | USA | 2002 | Merged (with Optiv) | TechnologyReview |
AFB Systems | UAE | 2021 | Active | IntelligenceOne |
Advanced Impact Media Solutions | Israel | 2018 | Active | The Guardian |
Altrnativ | France | 2020 | Active | Politico |
Aliada Group Inc. | Israel | 2017 | Active | CitizenLab |
Amesys | France | 2008 | Ceased (succeeded by Nexa Tech) | WikiLeaks |
Anomaly Six | USA | 2018 | Active | The Intercept |
Arcanum Global | UK | 2006 | Active | EFF |
AREA Intelligence Mindset | Italy | 1996 | Active | |
Argeniss | Argentina | 2005 | Acquired by IOActive | ZDNet |
Azienda Informatica Italiana | Italy | 2019 | Active | n |
Azimuth Security | Australia | 2010 | Acquired by L3 | Vice, Motherboard |
Balinese Ltd. | Israel | 2019 | Active | CitizenLab |
BellTroX InfoTech Services | India | 2011 | Active | Reuters |
Birmingham Cyber Arms | UK | 2019 | Ceased | Wikipedia |
bitCorp | Italy | 2018 | Active | IntelligenceOnline |
Black Cube | Israel | 2010 | Active | Reuters |
Bluehawk CI Group | Israel | 2020 | Active | Reuters |
Boldend | USA | 2017 | Active | IntelligenceOnline |
Cambridge Consultants | UK | 1960 | Active | WikiLeaks |
Candiru | Israel | 2014 | Ceased (succeeded by DF Associates Ltd.) | Wikipedia |
Cellebrite | Israel | 1999 | Active | Wikipedia |
Circles | Israel | 2008 | Merged (with NSO Group) | CitizenLab |
ClearTrail | India | 2001 | Active | WikiLeaks |
ClevCode | Cyprus | 2022 | Active | IntelligenceOnline |
Cobwebs Technologies | USA | 2015 | Active | Reuters |
COSEINC | Singapore | 2004 | Active | U.S. DoC |
Cognyte | Israel | 2021 | Active | |
Crowdfense | UAE | 2017 | Active | WIRED |
CY4GATE | Italy | 2014 | Active | |
Cyber Intelligence, S.L. | Spain | 2020 | Active | EX Files |
CyberOne Group | Vietnam | 2014 | Ceased | Reuters |
CyberPoint | USA | 2015 | Active | Wikipedia |
CyberRoot Risk Advisory | India | 2013 | Active | IntelligenceOnline |
Cycura | Canada | 2013 | Active | IntelligenceOnline |
Cytrox EMEA Ltd. | Israel | 2017 | Ceased (succeeded by Balinese Ltd.) | CitizenLab |
Cytrox Holdings Zrt | Hungary | 2017 | Active | CitizenLab |
Cytrox Software Ltd. | Israel | 2017 | Ceased (succeeded by Peterbald Ltd.) | CitizenLab |
DarkMatter Group | UAE | 2014 | Active | Wikipedia |
Dataflow Security | Italy | 2019 | Active | Forbes |
DEFENTEK | Panama | 2010 | Active | 31c3 |
Deveryware | France | 2003 | Active | |
DF Associates Ltd. | Israel | 2017 | Ceased (succeeded by Grindavik) | CitizenLab |
Dialogic | USA | 2008 | Active | WikiLeaks |
Digital Clues | Switzerland | 2010 | Acquired by Cellebrite | IntelligenceOnline |
Digital14 | UAE | 2020 | Active | IntelligenceOnline |
DigiTask | Germany | – | Unknown | WikiLeaks |
DSIRF GmbH | Austria | 2016 | Active | Microsoft |
Dreamlab Technologies AG | Switzerland | 1997 | Active | WikiLeaks |
DUASYNT | Australia | 2021 | Active | IntelligenceOnline |
Eitanium | Cyprus | 2021 | Active | IntelligenceOnline |
Elaman | Germany | – | Active | Privacy Intl. |
ELTA Systems Ltd. | Israel | 1967 | Active | WikiLeaks |
Emen Net Pasargad | Iran | – | Active | Treadstone 71 |
Endgame Systems | USA | 2008 | Active | Krebs on Security |
Equus Technologies | Israel | 2015 | Ceased | WIRED |
Ercom | France | 1986 | Acquired by Thales | IntelligenceOnline |
Exodus Intelligence | USA | 2012 | Active | TechDirt |
ExploitHub | USA | 2010 | Active | FastCompany |
FinFisher GmbH | Germany | 1990 | Ceased (succeeded by Vilicius Holding) | Heise Online |
Foundry Zero | UK | 2021 | Active | IntelligenceOnline |
Fox-IT | Netherlands | 1999 | Acquired by NCC | WikiLeaks |
Gamma Group | Germany | 1990 | Active | Wikipedia |
GLEG | USA | 2003 | Active | ISE.io |
Glimmerglass Networks | USA | 2000 | Active | WikiLeaks |
Go Root | Germany | 2017 | Ceased | MarketResearchTelecast |
GRIMM | USA | 2013 | Active | GRIMM careers |
Grindavik Solutions | Israel | 2018 | Ceased (succeeded by Taveta Ltd.) | CitizenLab |
Grugq | Thailand | – | Ceased | WIRED |
Hacking Team | Italy | 2003 | Ceased (succeeded by Memento Labs) | Wikipedia |
iDefense | USA | 1998 | Ceased | Krebs on Security |
Ikon Arge Teknoloji | Turkey | 2022 | Active | IntelligenceOnline |
Incredity Intel | Germany | 2019 | Active | IntelligenceOnline |
Innefu Labs Pvt. Ltd | India | 2010 | Active | Amnesty |
InformInvestGroup CJSC | Russia | 2017 | Active | ZDNet |
IPS Intelligence | Italy | 2000 | Active | WikiLeaks |
INFRA (Intelligence Framework) | USA | 2016 | Active | EinPresWire |
Intellexa | Israel | 2019 | Active | |
JENOVICE Cyber Labs | Israel | 2012 | Active | |
Jimmy Sabien | USA | – | Unknown | WIRED |
Krikel | Greece | 2014 | Active | ReportersUnited |
Kudu Dynamics LLC | USA | 2013 | Active | WIRED |
Kyrus Tech | USA | 2009 | Active | |
Lambercy Ltd. | Cyprus | 2017 | Active | IntelligenceOnline |
L3 Harris Trenchant | USA | 2018 | Active | |
Lench IT Solutions (FinFisher) | UK | 1990 | Active | Wikipedia |
Linchpin Labs | Canada | 2007 | Acquired by L3 | Crunchbase |
ManTech International | USA | 1968 | Active | Vice, Motherboard |
Memento Labs | Italy | 2019 | Active | Vice, Motherboard |
Merlinx | Israel | 2014 | Active | Intelligence Online |
Mollitiam Industries | Spain | 2018 | Active | WIRED |
negg | Italy | 2013 | Active | WIRED |
Netragard, Inc | USA | 2006 | Active | LIFARS |
NetSage | USA | 2006 | Active | |
Nexa Technologies | France | 2012 | Active | TechReview |
NICE | Israel | 1986 | Active | WikiLeaks |
NSO Group | Israel | 2010 | Active | Wikipedia |
NVWA Project | China | 2019 | Active (former Seabug) | Official website |
ODT (Oday) LLC | Russia | – | Unknown | ZDNet |
Operation Zero (OpZero) | Russia | 2021 | Active | IntelligenceOnline |
Optiv | USA | 2013 | Active | TechReview |
OryxLabs | UAE | 2020 | Active | IntelligenceOnline |
Passitora Ltd. | Cyprus | 2020 | Active | CitizenLab |
Paragon | USA | 2016 | Active | Schneier.com |
Pavo Group | Turkey | 2021 | Active | IntelligenceOnline |
PenLink | USA | 1986 | Active | Forbes |
Peterbald Ltd. | Israel | 2019 | Active | CitizenLab |
Prixie Ltd. | Cyprus | 2017 | Active | IntelligenceOnline |
Pwnzen Infotech | China | 2014 | Active | IntelligenceOnline |
PICSIX | Israel | 2011 | Active | Israeli MoD |
PixiePoint | Singapore | 2019 | Active (Exodus partner) | Website |
Positive Technologies (PT) | Russia | 2002 | Active | U.S. DoC |
Q Cyber Technologies | Luxembourg | 2016 | Active | Al-Monitor |
QuaDream | Israel | 2016 | Active | Reuters |
Quantum Research Institute | Russia | – | Unknown | BBC |
Q-Recon | Israel | 2018 | Ceased | Black Hat USA |
Rayzone Group | Israel | 2009 | Active | |
RCS S.p.A. | Italy | 1993 | Active | |
ReVuln | Malta | 2012 | Active | Krebs on Security |
Riscure BV | Netherlands | 2001 | Active | EX Files |
Roke Manor Research | UK | 1956 | Active | WikiLeaks |
Root9b | USA | 2011 | Ceased (acquired by Deloitte) | Gazette |
Saito Tech Ltd. | Israel | 2020 | Active | CitizenLab |
Seabug | China | 2006 | Unknown (started NVWA) | Seabug post |
Secfense | India | 2018 | Active | IntelligenceOnline |
SiberAsist | Turkey | 2016 | Active | IntelligenceOnline |
STEALIEN Inc. | S. Korea | 2015 | Active | Official website |
Suneris | France | 2017 | Acquired by Thales | Wikipedia |
Synacktiv | France | 2012 | Active | EX Files |
Syndis | Iceland | 2013 | Active | DarkReading |
SyTech | Russia | – | – | ZDNet |
Taveta Ltd. | Israel | 2019 | Ceased (succeeded by Saito Tech Ltd.) | CitizenLab |
Technikon Forschungs | Austria | 2019 | Active | EX Files |
Texplained | France | 2015 | Active | EX Files |
Thales Group | France | 2000 | Active | IntelligenceOnline |
Toka | Israel | 2018 | Active | MPN News |
trovicor Intelligence | UAE | 2009 | Active | |
TRUEL IT | Italy | 2015 | Active | IntelligenceOnline |
Two Six Technologies | USA | 2011 | Active | IntelligenceOnline |
TYKElab Srl | Italy | 2010 | Active | LighthouseReports |
Variston IT | Spain | 2018 | Active | IntelligenceOnline |
VASTech SA Pty Ltd. | S. Africa | 1999 | Active | TheIntercept |
VBI (vulnbroker[.]com) | USA | – | Unknown | WikiLeaks |
Verint | Israel | 1994 | Ceased (succeeded by Cognyte) | Israeli MoD |
Vilicius Holding GmbH | Germany | 2020 | Active | Heise Online |
Vitaliy “tovis” Toropov | Russia | – | Unknown | ArsTechnica |
Vupen | France | 2004 | Ceased (succeeded by Zerodium) | Wikipedia |
Wintego | Israel | 2012 | Active | Forbes |
WiSpear | Cyprus | 2013 | Ceased (succeeded by Passitora Ltd.) | CyberScoop |
xen1thLabs | UAE | 2019 | Merged with Digital14 | |
Zero Security Research Lab | USA | 2020 | Active | |
Zerodium | USA | 2015 | Active | Wikipedia |
Zeronomicom | Italy | 2016 | Active | LIFARS |
ZeroDay Technology | USA | – | Active | LIFARS |
ChangeLog
- 18 Feb. 2023: Added “Advanced Impact Media Solutions (AIMS)”
- 06 Feb. 2023: Added “OryxLabs”
- 27 Jan. 2023: Added “Two Six Technologies”
- 26 Jan. 2023: Added “Merlinx”
- 23 Dec. 2022: Added “STEALIEN Inc.”
- 13 Dec. 2022: Added “Altrnativ”
- 13 Dec. 2022: Added “Foundry Zero”
- 10 Dec. 2022: Added “SiberAsist”
- 06 Dec. 2022: Added “Prixie”
- 05 Dec. 2022: Added “CyberRoot Risk Advisory”
- 03 Dec. 2022: Added “Pavo Group”
- 03 Dec. 2022: Added “Cycura”
- 03 Dec. 2022: Added “ClevCode”
- 19 Nov. 2022: Added “Ikon Arge Teknoloji”
- 14 Nov. 2022: Added “Krikel”
- 12 Nov. 2022: Added “Q Cyber Technologies”
- 12 Nov. 2022: Added “Operation Zero”
- 03 Sep. 2022: Added “Azienda Informatica Italiana”
- 03 Sep. 2022: Added “TYKElab Srl”
- 28 Jul. 2022: Added “ACE Labs”
- 27 Jul. 2022: Added “DSIRF GmbH” (credits: @notmugrat)
- 22 Jul. 2022: Added “Vilicius Holding” and updated FinFisher
- 22 Jun. 2022: Added “Toka” (credits: @mrkoot)
- 23 Apr. 2022: Added “Anomaly Six” (also known as A6)
- 24 Mar. 2022: Added “bitCorp”
- 26 Feb. 2021: Added “PenLink”
- 03 Feb. 2021: Added “QuaDream”
- 17 Dec. 2021: Added “Aliada Group Inc.”
- 17 Dec. 2021: Added “Passitora Ltd.”
- 17 Dec. 2021: Added “Bluehawk CI Group”
- 17 Dec. 2021: Added “BellTroX InfoTech Services”
- 17 Dec. 2021: Added “Cobwebs Technologies”
- 17 Dec. 2021: Added “Black Cube”
- 17 Dec. 2021: Added “Peterbald Ltd”
- 17 Dec. 2021: Added “Balinese Ltd.”
- 17 Dec. 2021: Added “Cytrox”
- 14 Dec. 2021: Added “DEFENTEK”
- 04 Dec. 2021: Updated “Fox-IT” 2015 acquisition [link] (credits: Ilja van Sprundel)
- 04 Dec. 2021: Added “Vastech”
- 22 Nov. 2021: Added “AFB Systems”
- 22 Nov. 2021: Added “INFRA (Intelligence Framework)”
- 22 Nov. 2021: Added “Eitanium”
- 19 Nov. 2021: Added “Negg”
- 18 Nov. 2021: Added “NVWA Project” (credits: @08Tc3wBB)
- 18 Nov. 2021: Added “Seabug” (credits: @08Tc3wBB)
- 15 Nov. 2021: Added “Pwnzen Infotech”
- 15 Nov. 2021: Added “Nexa Technologies”
- 15 Nov. 2021: Added “Dataflow Security” (credits: @08Tc3wBB)
- 12 Nov. 2021: Added “COSEINC” (credits: @08Tc3wBB)
- 12 Nov. 2021: Updated “Argeniss” as acquired by IOActive in 2011 (see CBInsights)
- 11 Nov. 2021: Added “NetSage”
- 11 Nov. 2021: Added “Boldend” (credits: @slaeryan)
- 11 Nov. 2021: Added “Kudu Dynamics LLC” (credits: @slaeryan)
- 11 Nov. 2021: Added “Optiv”
- 11 Nov. 2021: Added “Accuvant”
- 04 Nov. 2021: Added “Positive Technologies (PT Security)”
- 26 Oct. 2021: Added “Verint”
- 26 Oct. 2021: Added “Rayzone Group”
- 26 Oct. 2021: Added “Suneris”
- 26 Oct. 2021: Added “PICSIX”
- 26 Oct. 2021: Added “Ercom”
- 26 Oct. 2021: Added “Thales Group”
- 26 Oct. 2021: Added “Intellexa”
- 26 Oct. 2021: Added “AREA Intelligence Mindset”
- 26 Oct. 2021: Added “trovicor Intelligence”
- 26 Oct. 2021: Added “Cognyte”
- 26 Oct. 2021: Added “Deveryware”
- 26 Oct. 2021: Added “JENOVICE Cyber Labs”
- 26 Oct. 2021: Added “Wintego”
- 26 Oct. 2021: Added “CY4GATE”
- 26 Oct. 2021: Added “Mollitiam”
- 26 Oct. 2021: Added “Secfense”
- 26 Oct. 2021: Added “Zero Security Research Lab”
- 26 Oct. 2021: Added “DUASYNT”
- 26 Oct. 2021: Added “TRUEL IT”
- 26 Oct. 2021: Added “Variston”
- 26 Oct. 2021: Added “Lambercy Ltd.”
- 26 Oct. 2021: Added “Digital Clues”
- 26 Oct. 2021: Added “Digital14”
- 26 Oct. 2021: Added “xen1thLabs”
- 24 Oct. 2021: Added “Argeniss”
- 24 Oct. 2021: Added “GLEG”
- 24 Oct. 2021: Added “Vitaliy Toropov”
- 24 Oct. 2021: Added “ExploitHub”
- 24 Oct. 2021: Added “VBI (vulnbroker[.]com)” (credits: izabovmi)
- 23 Oct. 2021: Added “Arcanum Global”
- 22 Oct. 2021: Added “GRIMM”
- 22 Oct. 2021: Added “Texplained”
- 22 Oct. 2021: Added “Riscure BV”
- 22 Oct. 2021: Added “Cyber Intelligence, S.L.”
- 22 Oct. 2021: Added “Technikon Forschungs”
- 22 Oct. 2021: Added “Synacktiv”
- 22 Oct. 2021: Added “PixiePoint”
- 21 Oct. 2021: Added “Linchpin Labs”
- 21 Oct. 2021: Added “Trenchant”
- 18 Oct. 2021: Added “Root9b”
- 18 Oct. 2021: Added “ManTech”
- 18 Oct. 2021: Added “Syndis”
- 18 Oct. 2021: Added “Incredity Intel”
- 18 Oct. 2021: Added “Kyrus Tech”
- 17 Oct. 2021: Added the “Disclaimer” to avoid misconceptions
- 17 Oct. 2021: Added “Azimuth Security”
- 17 Oct. 2021: Marked “Birmingham Cyber Arms” as Ceased (credits: @_darrenmartyn)
- 17 Oct. 2021: Added “Go Root”
- 17 Oct. 2021: Marked “Grugq” as Ceased (credits: @cynicalsecurity)
- 17 Oct. 2021: Initial release.