xorl %eax, %eax

Offensive Security Private Companies Inventory

This is a collection of any publicly known private companies who have been involved in nation-state offensive cyber operations. Most of them have been involved by providing capabilities such as software implants and intrusion sets (e.g. 0day exploits, exploitation frameworks, security bypassing techniques, communications interception products, etc.) If you noticed any private company that is publicly known for such activities and is not listed below, please let me know to update it accordingly.

Disclaimer: This is not about leaking any sensitive or confidential information, just aggregating what is already publicly available for this space. This is why all entries have an OSINT reference that already mentions this private entity as involved with this business. Also, the reason why you will not see any of the dozens of private companies that aren’t publicly known listed here.

A ChangeLog is available at the end of this page. The entries are listed in alphabetic order (based on the company’s name).

Last update: 22 June 2022

NameCountryFoundedStatusOSINT Reference
AbilityIsraelWikiLeaks
AccuvantUSA2002Merged (with Optiv)TechnologyReview
AFB SystemsUAE2021ActiveIntelligenceOne
Aliada Group Inc.Israel2017ActiveCitizenLab
AmesysFrance2008Ceased (succeeded by Nexa Tech)WikiLeaks
Anomaly SixUSA2018ActiveThe Intercept
Arcanum GlobalUK2006ActiveEFF
AREA Intelligence MindsetItaly1996ActiveLinkedIn
ArgenissArgentina2005Acquired by IOActiveZDNet
Azimuth SecurityAustralia2010Acquired by L3Vice, Motherboard
Balinese Ltd.Israel2019ActiveCitizenLab
BellTroX InfoTech ServicesIndia2011ActiveReuters
Birmingham Cyber ArmsUK2019CeasedWikipedia
bitCorpItaly2018ActiveIntelligenceOnline
Black CubeIsrael2010ActiveReuters
Bluehawk CI GroupIsrael2020ActiveReuters
BoldendUSA2017ActiveIntelligenceOnline
Cambridge ConsultantsUK1960ActiveWikiLeaks
CandiruIsrael2014Ceased (succeeded by DF Associates Ltd.)Wikipedia
CellebriteIsrael1999ActiveWikipedia
CirclesIsrael2008Merged (with NSO Group)CitizenLab
ClearTrailIndia2001ActiveWikiLeaks
Cobwebs TechnologiesUSA2015ActiveReuters
COSEINCSingapore2004ActiveU.S. DoC
CognyteIsrael2021ActiveLinkedIn
CrowdfenseUAE2017ActiveWIRED
CY4GATEItaly2014ActiveLinkedIn
Cyber Intelligence, S.L.Spain2020ActiveEX Files
CyberOne GroupVietnam2014CeasedReuters
CyberPointUSA2015ActiveWikipedia
Cytrox EMEA Ltd.Israel2017Ceased (succeeded by Balinese Ltd.)CitizenLab
Cytrox Holdings ZrtHungary2017ActiveCitizenLab
Cytrox Software Ltd.Israel2017Ceased (succeeded by Peterbald Ltd.)CitizenLab
DarkMatter GroupUAE2014ActiveWikipedia
Dataflow SecurityItaly2019ActiveForbes
DEFENTEKPanama2010Active31c3
DeverywareFrance2003ActiveLinkedIn
DF Associates Ltd.Israel2017Ceased (succeeded by Grindavik)CitizenLab
DialogicUSA2008ActiveWikiLeaks
Digital CluesSwitzerland2010Acquired by CellebriteIntelligenceOnline
Digital14UAE2020ActiveIntelligenceOnline
DigiTaskGermanyUnknownWikiLeaks
Dreamlab Technologies AGSwitzerland1997ActiveWikiLeaks
DUASYNTAustralia2021ActiveIntelligenceOnline
EitaniumCyprus2021ActiveIntelligenceOnline
ElamanGermanyActivePrivacy Intl.
ELTA Systems Ltd.Israel1967ActiveWikiLeaks
Emen Net PasargadIranActiveTreadstone 71
Endgame SystemsUSA2008ActiveKrebs on Security
Equus TechnologiesIsrael2015CeasedWIRED
ErcomFrance1986Acquired by ThalesIntelligenceOnline
Exodus IntelligenceUSA2012ActiveTechDirt
ExploitHubUSA2010ActiveFastCompany
Fox-ITNetherlands1999Acquired by NCCWikiLeaks
Gamma GroupGermany1990ActiveWikipedia
GLEGUSA2003ActiveISE.io
Glimmerglass NetworksUSA2000ActiveWikiLeaks
Go RootGermany2017CeasedMarketResearchTelecast
GRIMMUSA2013ActiveGRIMM careers
Grindavik SolutionsIsrael2018Ceased (succeeded by Taveta Ltd.)CitizenLab
GrugqThailandCeasedWIRED
Hacking TeamItaly2003Ceased (succeeded by Memento Labs)Wikipedia
iDefenseUSA1998CeasedKrebs on Security
Incredity IntelGermany2019ActiveIntelligenceOnline
Innefu Labs Pvt. LtdIndia2010ActiveAmnesty
InformInvestGroup CJSCRussia2017ActiveZDNet
IPS IntelligenceItaly2000ActiveWikiLeaks
INFRA (Intelligence Framework)USA2016ActiveEinPresWire
IntellexaIsrael2019ActiveLinkedIn
JENOVICE Cyber LabsIsrael2012ActiveLinkedIn
Jimmy SabienUSAUnknownWIRED
Kudu Dynamics LLCUSA2013ActiveWIRED
Kyrus TechUSA2009ActiveLinkedIn
Lambercy Ltd.Cyprus2017ActiveIntelligenceOnline
L3 Harris TrenchantUSA2018ActiveTwitter
Lench IT Solutions (FinFisher)UK1990ActiveWikipedia
Linchpin LabsCanada2007Acquired by L3Crunchbase
ManTech InternationalUSA1968ActiveVice, Motherboard
Memento LabsItaly2019ActiveVice, Motherboard
Mollitiam IndustriesSpain2018ActiveWIRED
neggItaly2013ActiveWIRED
Netragard, IncUSA2006ActiveLIFARS
NetSageUSA2006ActiveLinkedIn
Nexa TechnologiesFrance2012ActiveTechReview
NICEIsrael1986ActiveWikiLeaks
NSO GroupIsrael2010ActiveWikipedia
NVWA ProjectChina2019Active (former Seabug)Official website
ODT (Oday) LLCRussiaUnknownZDNet
OptivUSA2013ActiveTechReview
Passitora Ltd.Cyprus2020ActiveCitizenLab
ParagonUSA2016ActiveSchneier.com
PenLinkUSA1986ActiveForbes
Peterbald Ltd.Israel2019ActiveCitizenLab
Pwnzen InfotechChina2014ActiveIntelligenceOnline
PICSIXIsrael2011ActiveIsraeli MoD
PixiePointSingapore2019Active (Exodus partner)Website
Positive Technologies (PT)Russia2002ActiveU.S. DoC
QuaDreamIsrael2016ActiveReuters
Quantum Research InstituteRussiaUnknownBBC
Q-ReconIsrael2018CeasedBlack Hat USA
Rayzone GroupIsrael2009ActiveLinkedIn
RCS S.p.A.Italy1993ActiveLinkedIn
ReVulnMalta2012ActiveKrebs on Security
Riscure BVNetherlands2001ActiveEX Files
Roke Manor ResearchUK1956ActiveWikiLeaks
Root9bUSA2011Ceased (acquired by Deloitte)Gazette
Saito Tech Ltd.Israel2020ActiveCitizenLab
SeabugChina2006Unknown (started NVWA)Seabug post
SecfenseIndia2018ActiveIntelligenceOnline
SunerisFrance2017Acquired by ThalesWikipedia
SynacktivFrance2012ActiveEX Files
SyndisIceland2013ActiveDarkReading
SyTechRussiaZDNet
Taveta Ltd.Israel2019Ceased (succeeded by Saito Tech Ltd.)CitizenLab
Technikon ForschungsAustria2019ActiveEX Files
TexplainedFrance2015ActiveEX Files
Thales GroupFrance2000ActiveIntelligenceOnline
TokaIsrael2018ActiveMPN News
trovicor IntelligenceUAE2009ActiveLinkedIn
TRUEL ITItaly2015ActiveIntelligenceOnline
Variston ITSpain2018ActiveIntelligenceOnline
VASTech SA Pty Ltd.S. Africa1999ActiveTheIntercept
VBI (vulnbroker[.]com)USAUnknownWikiLeaks
VerintIsrael1994Ceased (succeeded by Cognyte)Israeli MoD
Vitaliy “tovis” ToropovRussiaUnknownArsTechnica
VupenFrance2004Ceased (succeeded by Zerodium)Wikipedia
WintegoIsrael2012ActiveForbes
WiSpearCyprus2013Ceased (succeeded by Passitora Ltd.)CyberScoop
xen1thLabsUAE2019Merged with Digital14LinkedIn
Zero Security Research LabUSA2020ActiveLinkedIn
ZerodiumUSA2015ActiveWikipedia
ZeronomicomItaly2016ActiveLIFARS
ZeroDay TechnologyUSAActiveLIFARS

ChangeLog

  • 22 Jun. 2022: Added “Toka” (credits: @mrkoot)
  • 23 Apr. 2022: Added “Anomaly Six” (also known as A6)
  • 24 Mar. 2022: Added “bitCorp”
  • 26 Feb. 2021: Added “PenLink”
  • 03 Feb. 2021: Added “QuaDream”
  • 17 Dec. 2021: Added “Aliada Group Inc.”
  • 17 Dec. 2021: Added “Passitora Ltd.”
  • 17 Dec. 2021: Added “Bluehawk CI Group”
  • 17 Dec. 2021: Added “BellTroX InfoTech Services”
  • 17 Dec. 2021: Added “Cobwebs Technologies”
  • 17 Dec. 2021: Added “Black Cube”
  • 17 Dec. 2021: Added “Peterbald Ltd”
  • 17 Dec. 2021: Added “Balinese Ltd.”
  • 17 Dec. 2021: Added “Cytrox”
  • 14 Dec. 2021: Added “DEFENTEK”
  • 04 Dec. 2021: Updated “Fox-IT” 2015 acquisition [link] (credits: Ilja van Sprundel)
  • 04 Dec. 2021: Added “Vastech”
  • 22 Nov. 2021: Added “AFB Systems”
  • 22 Nov. 2021: Added “INFRA (Intelligence Framework)”
  • 22 Nov. 2021: Added “Eitanium”
  • 19 Nov. 2021: Added “Negg”
  • 18 Nov. 2021: Added “NVWA Project” (credits: @08Tc3wBB)
  • 18 Nov. 2021: Added “Seabug” (credits: @08Tc3wBB)
  • 15 Nov. 2021: Added “Pwnzen Infotech”
  • 15 Nov. 2021: Added “Nexa Technologies”
  • 15 Nov. 2021: Added “Dataflow Security” (credits: @08Tc3wBB)
  • 12 Nov. 2021: Added “COSEINC” (credits: @08Tc3wBB)
  • 12 Nov. 2021: Updated “Argeniss” as acquired by IOActive in 2011 (see CBInsights)
  • 11 Nov. 2021: Added “NetSage”
  • 11 Nov. 2021: Added “Boldend” (credits: @slaeryan)
  • 11 Nov. 2021: Added “Kudu Dynamics LLC” (credits: @slaeryan)
  • 11 Nov. 2021: Added “Optiv”
  • 11 Nov. 2021: Added “Accuvant”
  • 04 Nov. 2021: Added “Positive Technologies (PT Security)”
  • 26 Oct. 2021: Added “Verint”
  • 26 Oct. 2021: Added “Rayzone Group”
  • 26 Oct. 2021: Added “Suneris”
  • 26 Oct. 2021: Added “PICSIX”
  • 26 Oct. 2021: Added “Ercom”
  • 26 Oct. 2021: Added “Thales Group”
  • 26 Oct. 2021: Added “Intellexa”
  • 26 Oct. 2021: Added “AREA Intelligence Mindset”
  • 26 Oct. 2021: Added “trovicor Intelligence”
  • 26 Oct. 2021: Added “Cognyte”
  • 26 Oct. 2021: Added “Deveryware”
  • 26 Oct. 2021: Added “JENOVICE Cyber Labs”
  • 26 Oct. 2021: Added “Wintego”
  • 26 Oct. 2021: Added “CY4GATE”
  • 26 Oct. 2021: Added “Mollitiam”
  • 26 Oct. 2021: Added “Secfense”
  • 26 Oct. 2021: Added “Zero Security Research Lab”
  • 26 Oct. 2021: Added “DUASYNT”
  • 26 Oct. 2021: Added “TRUEL IT”
  • 26 Oct. 2021: Added “Variston”
  • 26 Oct. 2021: Added “Lambercy Ltd.”
  • 26 Oct. 2021: Added “Digital Clues”
  • 26 Oct. 2021: Added “Digital14”
  • 26 Oct. 2021: Added “xen1thLabs”
  • 24 Oct. 2021: Added “Argeniss”
  • 24 Oct. 2021: Added “GLEG”
  • 24 Oct. 2021: Added “Vitaliy Toropov”
  • 24 Oct. 2021: Added “ExploitHub”
  • 24 Oct. 2021: Added “VBI (vulnbroker[.]com)” (credits: izabovmi)
  • 23 Oct. 2021: Added “Arcanum Global”
  • 22 Oct. 2021: Added “GRIMM”
  • 22 Oct. 2021: Added “Texplained”
  • 22 Oct. 2021: Added “Riscure BV”
  • 22 Oct. 2021: Added “Cyber Intelligence, S.L.”
  • 22 Oct. 2021: Added “Technikon Forschungs”
  • 22 Oct. 2021: Added “Synacktiv”
  • 22 Oct. 2021: Added “PixiePoint”
  • 21 Oct. 2021: Added “Linchpin Labs”
  • 21 Oct. 2021: Added “Trenchant”
  • 18 Oct. 2021: Added “Root9b”
  • 18 Oct. 2021: Added “ManTech”
  • 18 Oct. 2021: Added “Syndis”
  • 18 Oct. 2021: Added “Incredity Intel”
  • 18 Oct. 2021: Added “Kyrus Tech”
  • 17 Oct. 2021: Added the “Disclaimer” to avoid misconceptions
  • 17 Oct. 2021: Added “Azimuth Security”
  • 17 Oct. 2021: Marked “Birmingham Cyber Arms” as Ceased (credits: @_darrenmartyn)
  • 17 Oct. 2021: Added “Go Root”
  • 17 Oct. 2021: Marked “Grugq” as Ceased (credits: @cynicalsecurity)
  • 17 Oct. 2021: Initial release.

Written by xorl

October 17, 2021 at 12:49

%d bloggers like this: