Skip to content

Hide Navigation Hide TOC

Edit

Surveillance Vendor

List of vendors selling surveillance technologies including malware, interception devices or computer exploitation services.

Authors
Authors and/or Contributors
Various

Kape Technologies

Kape Technologies is better known by the name under which they were formerly incorporated - "Crossrider" but make no mistake they are the same company which became notorious as an adware/malware producer. Kape Technologies was originally known as Crossrider until the name change in 2018. The reason for that was, as CEO Ido Erlichman put it, “strong association to the past activities of the company.” Perhaps that refers to infecting users’ devices with malware and adware, considered “high-risk” by Symantec and Malwarebytes. If that wasn’t enough, Crossrider’s Founder and first CEO Koby Menachemi, was part of Unit 8200 – something that can be called Israel’s NSA. Another key person, Teddy Sagi, who is the main investor in both Crossrider and Kape Technologies, is mentioned in the Panama Papers.

Synonyms

"synonyms" in the meta part typically refer to alternate names or labels that are associated with a particular Kape Technologies.

Known Synonyms
Crossrider
Kape
Internal MISP references

UUID e42be649-b098-44c7-9275-5874daf3b81a which can be used as unique global reference for Kape Technologies in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.kape.com/', 'http://crossrider.com/']

NSO group

NSO Group Technologies is an Israeli technology firm known for its Pegasus spyware enabling the remote surveillance of smartphones. It was founded in 2010 by Niv Carmi, Omri Lavie, and Shalev Hulio. It reportedly employed almost 500 people as of 2017, and is based in Herzliya, near Tel Aviv.

Synonyms

"synonyms" in the meta part typically refer to alternate names or labels that are associated with a particular NSO group.

Known Synonyms
Circles
Q-Cyber
Internal MISP references

UUID 49d8e89f-401d-4d3d-9155-5758a346a4a1 which can be used as unique global reference for NSO group in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.nsogroup.com/']
products ['PEGASUS']

Hacking Team

HackingTeam is a Milan-based information technology company that sells offensive intrusion and surveillance capabilities to governments, law enforcement agencies and corporations. Its "Remote Control Systems" enable governments and corporations to monitor the communications of internet users, decipher their encrypted files and emails, record Skype and other Voice over IP communications, and remotely activate microphones and camera on target computers. The company has been criticized for providing these capabilities to governments with poor human rights records, though HackingTeam states that they have the ability to disable their software if it is used unethically. The Italian government has restricted their license to do business with countries outside Europe. HackingTeam employs around 40 people in its Italian office, and has subsidiary branches in Annapolis, Washington, D.C., and Singapore. Its products are in use in dozens of countries across six continents.

Synonyms

"synonyms" in the meta part typically refer to alternate names or labels that are associated with a particular Hacking Team.

Known Synonyms
Memento Labs
Internal MISP references

UUID 76c054fd-3f5e-4ea1-ad04-1cffb605c6ed which can be used as unique global reference for Hacking Team in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['http://www.mem3nt0.com/about.php']

Gamma Group

Gamma Group is an Anglo-German technology company that sells surveillance software to governments and police forces around the world. The company has been strongly criticised by human rights organisations for selling its FinFisher software to undemocratic regimes such as Egypt and Bahrain.

Synonyms

"synonyms" in the meta part typically refer to alternate names or labels that are associated with a particular Gamma Group.

Known Synonyms
Gamma International
Internal MISP references

UUID 3786c4c1-c2fc-448d-86a2-9473e699d203 which can be used as unique global reference for Gamma Group in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.gammagroup.com/', 'https://gamma-international.com/']

FlexiSPY

Flexispy is an application that can be considered as a trojan, based on Symbian. The program sends all information received and sent from the smartphone to a Flexispy server. It was originally created to protect children and spy on adulterous spouses.

Internal MISP references

UUID 2017228c-57eb-42aa-8397-e88d92d1502e which can be used as unique global reference for FlexiSPY in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
official-refs ['https://www.flexispy.com/']

mSpy

mSpy is probably the most popular monitoring software on the market today. It is designed for parents who want to track their children’s online activity. Using mSpy is easy — just download and install a hidden app on your child’s phone and let it do its thing in the background. mSpy is available for iOS and Android, and has a web-based control panel that allows you to remotely monitor activity on your child’s device, including texts, instant messages, phone calls and social media use on Snapchat or Facebook. It also allows you to track the location of your child’s device on a map. The best thing about mSpy is that it works on non-jailbroken iPhones. Do note that some of its features, including email tracking and instant messenger monitoring, are only available on a rooted Android smartphone. If you don’t know how to root an Android device, you might want to consider using a spy app like Highster Mobile. This app lets you spy on Android phone without rooting.

Internal MISP references

UUID 40782f51-5d59-42b9-b3ce-bf7d1d4c73ca which can be used as unique global reference for mSpy in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.mspy.com/']

Highster Mobile

Highster Mobile is a cell phone spy and monitoring software that allows you to secretly monitor your children, employees, or loved ones without them ever knowing it. The app is available for both Android and iOS devices and is developed by ILF Mobile Apps, a company based in Bohemia, New York, that specializes in mobile security.

Internal MISP references

UUID 658c11fa-e6ff-4692-ac8e-dc536167d3e1 which can be used as unique global reference for Highster Mobile in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.highstermobi.com/']

Mobile Spy

Mobile Spy is a cell phone monitoring application for iOS, Android and BlackBerry developed by Retina-X Studios. It allows you to monitor the smartphone activity of your children. You’ll be able to see text messages, track GPS locations, monitor social media activities, view call details and more inside a secure online account. Monitoring made easy. Login anytime you wish from any location to see the recorded data without needing access to the monitored phone. The hidden version of Mobile Spy is no longer available due to legal issues.

Internal MISP references

UUID 0b3eb33b-95a6-4da8-9085-278475276073 which can be used as unique global reference for Mobile Spy in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['http://www.mobile-spy.com/']

Hoverwatch

Hoverwatch is a computer and mobile monitoring software developed by Refog. It is available for Android, Windows and macOS. It runs silently in the background, recording all activities performed by the user such as messages sent and received, phone calls made and received, web sites visited, and every keystroke typed. All recorded data is sent to an online account.

Internal MISP references

UUID a7d4bcf3-6dc9-4d66-98a8-724e9d619a80 which can be used as unique global reference for Hoverwatch in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.hoverwatch.com/']

MobiStealth

MobiStealth is a popular spy software that comes with a simple web-based console and powerful monitoring features. It is developed by Infoweise Pty Ltd, a private company headquartered in Sydney, Australia. They have been making high quality monitoring solutions since 2009. In November 2015, they launched a “Non-Jailbreak” feature, letting users spy on all iOS devices without needing to jailbreak them. Just like many other spy software, MobiStealth allows you to spy on a cell phone or computer via a web interface called StealthClub. As its name implies, it is a stealth application that runs in the background without the owner’s knowledge.

Internal MISP references

UUID a85664ba-67ea-448f-9a9d-7bcf4cedd270 which can be used as unique global reference for MobiStealth in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.mobistealth.com/']

Spyera

Spyera develops and sells computer and mobile spy software. Based in Hong Kong, Spyera’s products work in all languages and all countries. The company’s phone and PC monitoring products are useful tools for any parent or company, although they are quite expensive in comparison to other products. Spyera comes in three different versions — a mobile version for iPhone and Android smartphones, a tablet version for iPad and Android tablets, and a desktop version for Mac and Windows. The mobile version of Spyera is actually very similar to the FlexiSPY Extreme, which I reviewed a few weeks ago. It has everything you’d expect from a cell phone spy software: live call listening, call recording, and location tracking.

Internal MISP references

UUID 24b7fea3-7d2d-4ca4-8941-86cf8ebbf404 which can be used as unique global reference for Spyera in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://spyera.com/']

StealthGenie

StealthGenie is a powerful cell phone spy software created by InvoCode Ltd in 2010 that can be used to spy on cheating spouses and monitor children’s activities. In September 2014, Hammad Akbar, founder of StealthGenie, was arrested in Los Angeles and charged with selling mobile device spyware. StealthGenie was officially discontinued on 26 September 2014.

Internal MISP references

UUID ef236716-10b4-4c50-96db-407b283a0f17 which can be used as unique global reference for StealthGenie in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value

SpyBubble

SpyBubble is a spy app that lets you secretly spy on someone’s phone. This spy app is compatible with a variety of mobile devices, including iPhone, Android, BlackBerry and Symbian, and it offers logging features for most cell phone activity. SpyBubble doesn’t provide the blocking and restricting features that you will find in several similar applications. However, it has many useful features, and its monitoring features are excellent. Spybubble cell phone spy software was discontinued due to legal reasons

Internal MISP references

UUID f49bf1b6-e257-4ffc-b5ac-f0e26ef36965 which can be used as unique global reference for SpyBubble in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value

Cytrox

Cytrox’s Israeli companies were founded in 2017 as Cytrox EMEA Ltd. and Cytrox Software Ltd. Perhaps taking a page from Candiru’s corporate obfuscation playbook, both of those companies were renamed in 2019 to Balinese Ltd. and Peterbald Ltd., respectively. We also observed one entity in Hungary, Cytrox Holdings Zrt, which was also formed in 2017.

Synonyms

"synonyms" in the meta part typically refer to alternate names or labels that are associated with a particular Cytrox.

Known Synonyms
Balinese Ltd.
Cytrox EMEA Ltd.
Cytrox Holdings Zrt
Cytrox Software Ltd.
Peterbald Ltd.
Internal MISP references

UUID 4dbfa61e-0cf5-4142-babf-3cdce348568d which can be used as unique global reference for Cytrox in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
products ['DevilsTongue']
Related clusters

To see the related clusters, click here.

RCSLab

RCS Lab S.p.A., Italian vendor likely using Tykelab Srl as a front company.

Synonyms

"synonyms" in the meta part typically refer to alternate names or labels that are associated with a particular RCSLab.

Known Synonyms
RCS Lab
Internal MISP references

UUID 28ed79b6-a11d-4e41-af80-ece8f0e0c2d3 which can be used as unique global reference for RCSLab in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
products ['Hermit']

Aglaya

Aglaya, a contractor based in Delhi, India, emerged into the public eye in 2014 following its attempt to secure a substantial annual contract worth $5 billion. This surge in prominence was largely driven by the actions of Ankur Srivastava, Aglaya's CEO and founder, who purportedly proposed the outsourcing of surveillance and hacking services to various governments.

Internal MISP references

UUID 4045c51a-82eb-11ee-a366-325096b39f47 which can be used as unique global reference for Aglaya in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value

Interionet

Interionet Systems Ltd., headquartered in Herzliya, Israel, is a privately-held company recognized for its approach in the cyber intelligence domain, particularly catering to law enforcement and intelligence agencies. The firm, founded by ex-NSO team members, is dedicated to the development of sophisticated cyber-intrusion and mobile interception tools.

Internal MISP references

UUID 44d59236-82eb-11ee-923e-325096b39f47 which can be used as unique global reference for Interionet in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value

Intellexa

The Intellexa alliance is an evolving group of companies and brands that have been involved in developing and marketing a wide range of surveillance products including advanced spyware, mass surveillance platforms, and tactical systems for targeting and intercepting nearby devices. The corporate entities of the alliance span various jurisdictions, both within and outside the EU. The exact nature of links between these companies is shrouded in secrecy as corporate entities, and the structures between them, are constantly morphing, renaming, rebranding, and evolving.

Internal MISP references

UUID 1c909820-82eb-11ee-80c7-325096b39f47 which can be used as unique global reference for Intellexa in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
products ['Nova', 'Triton', 'Helios', 'ALIEN', 'PREDATOR']
Related clusters

To see the related clusters, click here.

Merlinx / Equus Technologies

Merlinx / Equus Technologies, Israeli firm, a privately held company specializing in the development of tailor made innovative solutions for law enforcement, intelligence agencies, and national security organizations. Linked to the Android malware, also sells iOS capabilities.

Internal MISP references

UUID 18128362-82eb-11ee-8723-325096b39f47 which can be used as unique global reference for Merlinx / Equus Technologies in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value

AQSACOM

AQSACOM, French company - lawful interception for IP networks. All Aqsacom's security products can be combined in a powerful solution so that Telecommunications and ISP operators can provide the Authorities with a reliable and professional service.

Internal MISP references

UUID 131a6b7c-82eb-11ee-bcb3-325096b39f47 which can be used as unique global reference for AQSACOM in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value

Area

Area Spa is a firm based near Milan that sells monitoring systems capable of capturing internet traffic, tapping conversations, and tracking targets through GPS.

Internal MISP references

UUID 0e2c2b64-82eb-11ee-b34f-325096b39f47 which can be used as unique global reference for Area in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value

ClearTrail

ClearTrail Technologies, India based company, known for developing or selling systems for monitoring computers, mobile phones and emails of unsuspecting masses.

Internal MISP references

UUID 0977bd04-82eb-11ee-915c-325096b39f47 which can be used as unique global reference for ClearTrail in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value

Elaman

Elaman is a German company that sell a wide array of surveillance technologies. From vast monitoring centres capable of monitoring thousands of conversations simultaneously to trojans that target individual's devices specifically. They don't create these products, they resell from other surveillance companies. They have sold products from VASTech, Gamma, Utimaco and Nokia Siemens Networks. This catalogue gives an insight into one of the surveillance industries biggest middle man.

Internal MISP references

UUID 04d776c2-82eb-11ee-9d14-325096b39f47 which can be used as unique global reference for Elaman in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value

Gita Technologies

Gita Technologies, Israeli based company with a mission to be a worldwide leader in research and development of high-end security systems and SIGINT.

Internal MISP references

UUID 01f21098-82eb-11ee-9475-325096b39f47 which can be used as unique global reference for Gita Technologies in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value

Innova

Innova, based in Trieste, Italy, and a frequent supplier of Italian prosecutor’s offices. It was the only Italian firm at the International Exhibition for National Security and Resilience (ISNR), which was held in Abu Dhabi in October 2022. The exhibition connects regional government agencies with manufacturers from around the world, and was organised in cooperation with the Ministry of the Interior and in strategic partnership with Abu Dhabi Police GHQ. The United Arab Emirates, however, is known for human rights violations, some of which facilitated by the use of digital surveillance technology, as in the case of an iPhone spyware that was used against hundreds of activists, foreign leaders and suspected terrorists, according to Reuters. Innova’s foreign presence did not stop at ISNR. The company was also at ISS World Latin America, which took place in Panama in October 2022, and was among the sponsors of the September event of ISS World Asia Pacific 2022 in Singapore. These trade shows are not mere opportunities for display, but allow direct contact with members of intelligence agencies from various countries, law enforcement officials and government leaders or ministers.

Internal MISP references

UUID fda75d0e-82ea-11ee-9668-325096b39f47 which can be used as unique global reference for Innova in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value

Jenovice

Jenovice, an Israeli firm that flies under the radar has invented a remotely-operated WiFi interception device that can facilitate spy missions. Jenovice Cyber Labs' Piranha exploits vulnerabilities in WiFi networks to connect an attacker to as many as 50 targeted devices at once.

Internal MISP references

UUID f88c61fc-82ea-11ee-9ba8-325096b39f47 which can be used as unique global reference for Jenovice in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value

Lumacron

Lumacron, a British startup which is developing interception tools to capture the massive data flows that transit through the principal international communications networks.

Internal MISP references

UUID f4f39ee8-82ea-11ee-babc-325096b39f47 which can be used as unique global reference for Lumacron in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value

NeoSoft

NeoSoft AG, Switzerland manufacturer of Passive, Active (Semi-Active), Hybrid GSM Monitoring systems with A5.2/A5.1 deciphering, CDMA Passive Monitoring systems, IMSI/IMEI Catchers 2G/3G, InPoint SMS System (sends SMS to everybody). All NeoSoft systems support the following bands: GSM, PCS, EGSM, 2100, 850. NeoSoft has world-wide experience.

Internal MISP references

UUID f10f551a-82ea-11ee-a915-325096b39f47 which can be used as unique global reference for NeoSoft in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value

Nexa

Nexa Technologies was indicted for complicity in acts of torture, the French firm is accused of having sold surveillance equipment to the Egypt.

Synonyms

"synonyms" in the meta part typically refer to alternate names or labels that are associated with a particular Nexa.

Known Synonyms
Nexa Technologies
Internal MISP references

UUID eb6af48e-82ea-11ee-a4dc-325096b39f47 which can be used as unique global reference for Nexa in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
Related clusters

To see the related clusters, click here.

Norsi-Trans

Norsi-Trans produces SIGINT and lawful interception equipment and software for the Russian government and also sells an OSINT platform called Vitok-ROI (or Vitok-OSINT).

Internal MISP references

UUID e63a05d6-82ea-11ee-99d2-325096b39f47 which can be used as unique global reference for Norsi-Trans in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value

Polaris Wireless

Polaris Wireless, US based company that specializes in the development of wireless surveillance products.

Internal MISP references

UUID e1d96f90-82ea-11ee-b499-325096b39f47 which can be used as unique global reference for Polaris Wireless in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value

Pro4Tech

Pro4Tech, Tel Aviv/Israel based company which provides tactical surveillance systems designed by field-professionals for law-enforcement and government agencies.

Internal MISP references

UUID dd594940-82ea-11ee-b2da-325096b39f47 which can be used as unique global reference for Pro4Tech in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value

Rayzone

Rayzone, Israeli cyber intelligence company. The surveillance software makes it possible, among other things, to locate a person's location and path of movement with an accuracy of one meter and makes it possible to receive additional information from the applications on the target's device.

Internal MISP references

UUID d7f0eac6-82ea-11ee-a3fc-325096b39f47 which can be used as unique global reference for Rayzone in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value

Seartech

Seartech is a South African company specializing in the design and manufacture of tactical surveillance equipment.

Internal MISP references

UUID d2af90da-82ea-11ee-ae9e-325096b39f47 which can be used as unique global reference for Seartech in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value

Securcube

Securcube s.r.l is an Italian company that specializes in services and products for the Digital Forensics..

Internal MISP references

UUID ce09094e-82ea-11ee-92b0-325096b39f47 which can be used as unique global reference for Securcube in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value

Septier

Septier Communication Ltd, with global headquarters in Israel and offices across several continentshas dozens of installations serving telecommunication operators and law-enforcement agencies and organizations throughout the world. Septier develops and markets comprehensive lawful interception systems which include cutting-edge monitor centers and passive front ends based on high capacity signaling monitoring probes.

Internal MISP references

UUID c8b2b486-82ea-11ee-bf5a-325096b39f47 which can be used as unique global reference for Septier in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value

Cy4gate

Cy4gate, Italian based company, sells its products worldwide, including to dictatorships, while competing with companies involved in scandals related to repression of opponents and journalists.

Internal MISP references

UUID c36f60aa-82ea-11ee-9893-325096b39f47 which can be used as unique global reference for Cy4gate in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value

Toka

Toka, Israeli based company, which offers its police, government and intelligence clients the ability to obtain targeted intelligence and conduct forensic investigations as well as covert operations. In addition, Toka offers governments its Cyber Designers service, which provides agencies with the full-spectrum strategies, customized projects, and technologies needed to ensure the security and sustainability of critical infrastructure, the digital landscape, and government institutions.

Internal MISP references

UUID bef4dde8-82ea-11ee-b431-325096b39f47 which can be used as unique global reference for Toka in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value

Trovicor

Trovicor, Germany based companies’ surveillance technology allegedly used in connection with human rights abuses by authoritarian govts.

Internal MISP references

UUID b857854e-82ea-11ee-8e7b-325096b39f47 which can be used as unique global reference for Trovicor in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value

Utimaco

Utimaco, Aachen/Germany based company which praises itself as market leader in eavesdropping technology.

Internal MISP references

UUID b46b4d8a-82ea-11ee-a797-325096b39f47 which can be used as unique global reference for Utimaco in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value

Wintego

Wintego Systems develops advanced communication, intelligence, and data-decoding solutions for the government and homeland security sectors.

Internal MISP references

UUID afc73226-82ea-11ee-8a25-325096b39f47 which can be used as unique global reference for Wintego in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value

Wispear

Wispear Systems Ltd (renamed Passitoria Ltd), provides interception equipment designed for the extraction of voice or data, transmitted over the air interface.

Internal MISP references

UUID ab53ed38-82ea-11ee-8613-325096b39f47 which can be used as unique global reference for Wispear in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
Related clusters

To see the related clusters, click here.

DarkMatter

DarkMatter founded in the United Arab Emirates (UAE) was under investigation by the FBI for crimes including digital espionage services, involvement in the Jamal Khashoggi assassination, and incarceration of foreign dissidents.

Internal MISP references

UUID a6712272-82ea-11ee-b70e-325096b39f47 which can be used as unique global reference for DarkMatter in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value

Lench

Lench IT Solutions, Germany based company. Lench IT Solutions plc has a UK-based branch, Gamma International Ltd in Andover, England, and a Germany-based branch, Gamma International GmbH in Munich. FinFisher, also known as FinSpy, is surveillance software marketed by Lench IT Solutions plc.

Internal MISP references

UUID a1002342-82ea-11ee-8b84-325096b39f47 which can be used as unique global reference for Lench in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value

GR Sistemi

GR Sistemi, Italian firm that's been trying to enter the crowded market of government spyware, also known by insiders as lawful interception.

Internal MISP references

UUID 9c29b716-82ea-11ee-a0d8-325096b39f47 which can be used as unique global reference for GR Sistemi in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value

SS8

SS8, US based company is selling to a range of US government agencies as well as exporting surveillance equipment abroad. SS8 were also reportedly responsible for selling intrusion systems to the United Arab Emirates.

Internal MISP references

UUID 8f3205ae-82ea-11ee-be61-325096b39f47 which can be used as unique global reference for SS8 in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value

Wolf Intelligence

Wolf Intelligence a Germany-based spyware company that made headlines for sending a bodyguard to Mauritania and prompting an international incident after the local government detained the bodyguard as collateral for a deal went wrong, left a trove of its own data exposed online.

Internal MISP references

UUID 8b50f9e0-82ea-11ee-b818-325096b39f47 which can be used as unique global reference for Wolf Intelligence in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value

Vervata

Vervata, Thailand-based software company, which among other, provides mobile monitoring applications that secretly records all activity on a phone.

Internal MISP references

UUID 86cb5eb0-82ea-11ee-83e0-325096b39f47 which can be used as unique global reference for Vervata in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value

Raxir

Raxir, Italy based surveillance firm that is housed in Naples, in a tech startup incubator. According to the company's page on the incubator's website, Raxir was founded in 2013 and produces software systems to support legal and intelligence investigations.

Internal MISP references

UUID 8198124e-82ea-11ee-859b-325096b39f47 which can be used as unique global reference for Raxir in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value

Senpai

Senpai Technologies is a company specializing in OSINT and persona creation based out of Israel, while WiSpear, also based in Israel, specializes in Wi-Fi interception.

Synonyms

"synonyms" in the meta part typically refer to alternate names or labels that are associated with a particular Senpai.

Known Synonyms
Senpai Technologies
Internal MISP references

UUID d3e48fbb-9be5-4387-bf2b-bc9a72cdbd8a which can be used as unique global reference for Senpai in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
Related clusters

To see the related clusters, click here.

I-Soon

I-Soon (also known as Anxun Information Technology Co., Ltd.) is a Chinese cybersecurity firm that has garnered significant attention due to its alleged involvement in state-sponsored cyber espionage activities.

Synonyms

"synonyms" in the meta part typically refer to alternate names or labels that are associated with a particular I-Soon.

Known Synonyms
Anxun Information Technology Co., Ltd.
Internal MISP references

UUID 3b5a049a-aa88-4550-89b6-aae31e312a8c which can be used as unique global reference for I-Soon in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
products ['Automated Pentest', 'Email Analysis', 'Falcon Anti-Gambling', 'Practical Traunung', 'Business Intelligence', 'Microsoft Secret Extraction', 'Anonymous Anti-Tracing Router', 'Wi-Fi Sensorless Implantable Device', 'Scientific Internet Box (GL-AX1800)', 'Wi-Fi Proximity Attack System', 'Individual Soldier Toolbox', 'Social Media Monitoring', 'SkyWalker Data Query Platform', 'Domestic Public Opinion Tracking System', 'Twitter Public Opinion Guidance & Control System', 'Services & Consulting - DDoS', 'Services & Consulting - Combat Platform', 'Windows Implants - Security System (ShadowPad)', 'ShadowPad', 'Mobile Implants - iOS', 'Mobile Implants - Android', 'Linux Implants - Hector', 'Linux Implants - TreadStone (Winnti)', 'Winnti']
Related clusters

To see the related clusters, click here.

Paragon Solutions

Paragon Solutions Ltd. was established in Israel in 2019. The founders of Paragon include Ehud Barak, the former Israeli Prime Minister, and Ehud Schneorson, the former commander of Israel’s Unit 8200. Paragon sells a spyware product called Graphite, which reportedly provides “access to the instant messaging applications on a device, rather than taking complete control of everything on a phone,” like NSO Group’s Pegasus spyware.

Synonyms

"synonyms" in the meta part typically refer to alternate names or labels that are associated with a particular Paragon Solutions.

Known Synonyms
Paragon
Paragon Solutions Ltd
Internal MISP references

UUID 6eae15ff-9d8b-4549-98b5-1d605dddc5b6 which can be used as unique global reference for Paragon Solutions in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
products ['Graphite']

RedLattice

REDLattice is a mission-focused provider of full spectrum cyber capabilities and technology solutions for customers in the U.S. national security, defense and commercial communities. REDLattice helps its customers deliver mission success by rapidly designing, developing, and implementing cutting edge applications and engineering solutions for some of their most complex challenges. The Company’s subject matter experts in vulnerability research (VR), reverse engineering (RE), tool development, malware analysis, and advanced operational capabilities help to develop the next generation of cyber tools and solutions to the battlespace.

Internal MISP references

UUID af1dc877-2abe-4c48-8c05-b18287516b27 which can be used as unique global reference for RedLattice in MISP communities and other software using the MISP galaxy

Related clusters

To see the related clusters, click here.

1Byte

1Byte is a Vietnam-based company operating a network of spyware apps and generating millions in revenue since at least 2016. One of these apps, TheTruthSpy, can discreetly upload your call logs, text messages, photos, browsing history, and real-time location data. 1Byte used fake American identities, forged passports, and manipulated financial systems to evade detection and process payments. A TechCrunch article found that it is actively facilitating the secret surveillance of hundreds of thousands of Android users around the world. TechCrunch also identified at least least nine known near-identical spyware apps in TheTruthSpy’s network: Copy9, MxSpy, iSpyoo, SecondClone, TheSpyApp, ExactSpy, GuestSpy and FoneTracker, all of which operate just like TheTruthSpy but under different names.

Internal MISP references

UUID 762a95ac-f8ad-4cb0-9d64-4717b9428c85 which can be used as unique global reference for 1Byte in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://1bytesoftware.com/']

4Intelligence

4Intelligence AB is a manufacturer and provider of surveillance tools, produced primarily for intelligence agencies, law enforcement authorities, military units, and private security companies.

Their IMSI/IMEI catchers are designed to collect essential identifiers, such as IMSI (International Mobile Subscriber Identity) and IMEI (International Mobile Equipment Identity), from cellular devices operating on GSM, UMTS, LTE, and 5G networks. These systems are utilized for intelligence gathering and monitoring within the operational radius of the devices. In addition to IMSI catchers, the company offers a range of products, including RF detectors, WiFi monitoring, camouflaged video transmitters and recorders, vehicle geolocation systems, location based tracking and other interception technologies.

In addition to Sweden, the company also has offices in Cyprus and Dubai, UAE.

Internal MISP references

UUID bbd4b208-d671-4dd3-8891-22eb0e28e612 which can be used as unique global reference for 4Intelligence in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://4intelligence.com/']

Aarogya Setu

Aarogya Setu is a mobile application developed by the Government of India in April 2020 to perform COVID-19 contact tracing. It pairs Bluetooth handshakes with periodic GPS pings to flag when users have been near someone who later tests positive, then offers risk scores and health guidance. Since the pandemic, the platform has been folded into the National Health App stack, adding vaccination certificates and other digital health services.

The app embeds far-reaching surveillance capabilities. On sign-up, it demands granular personal data, such as name, phone number, age, sex, profession, travel and even smoking history, which are transmitted to a central government server. Continuous collection of live location and proximity logs lets authorities recreate a user’s movements and social graph, described by critics as a sophisticated surveillance system.

Internal MISP references

UUID 14bd10ac-8f50-44b5-91d1-5606dba328b2 which can be used as unique global reference for Aarogya Setu in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.aarogyasetu.gov.in/', 'https://www.digitalindia.gov.in/initiative/aarogya-setu/']

AASMA

The Advanced Application for Social Media Analytics (AASMA) is a social media surveillance tool developed by the Indraprastha Institute of Information Technology, Delhi, with funding from the Indian government. It is utilized by at least 40 government departments in India. AASMA can collect and analyze live data from platforms like Twitter, Facebook, and YouTube, perform sentiment analysis, track user locations and devices, and send alerts to authorities based on predefined criteria. It is employed for purposes such as monitoring public sentiment, handling protests, and identifying influential users.

Internal MISP references

UUID 68da3a79-7df6-4d44-9516-260460df40da which can be used as unique global reference for AASMA in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

Ability, Inc

Ability is a security firm based in Tel Aviv. The company develops and provides interception and decryption communication tools to security and intelligence agencies, military forces, police and homeland security services.

Its surveillance capabilities include both passive and active interception of cellular communications across GSM, CDMA, UMTS, and LTE networks, as well as satellite communication interception for systems like Thuraya, Iridium, and VSAT. Ability also offers decryption tools to break encrypted communications and geolocation technologies for tracking cellular devices, and developed the Crosscan system, a portable IMSI catcher for tracking mobile devices. Its operations span across 50 countries worldwide.

Ability cooperated with NSO Group on Pegasus and handled the network side of NSO’s operations.

In 2015, it merged with Cambridge Capital Acquisition Corporation (aka Cambridge.)

Internal MISP references

UUID a85c43ca-7195-40fe-b10a-1010a540584a which can be used as unique global reference for Ability, Inc in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

AccessData

AccessData Group was a U.S.-based cybersecurity company that developed digital forensics investigation technology. The company created the Forensic Toolkit (FTK), which became an industry-standard tool for extracting and analyzing data from digital devices. The technology was used by law enforcement agencies worldwide, including in Nigeria, where it was employed alongside other forensic tools for extracting information from seized devices.

AccessData's merger with Exterro created a powerful surveillance conglomerate. Their combined digital forensics and data extraction capabilities give law enforcement and government agencies unprecedented access to personal information, particularly given the company's two-decade history of developing tools that can crack passwords, decrypt files, and extract sensitive personal data from devices without user consent.

AccessData's Forensic Toolkit (FTK) was also used by Botswana's Police Service Digital Forensics Laboratory alongside Cellebrite's UFED to conduct invasive searches of journalists' devices. The technology was deployed in the case of Oratile Dikologang, a digital editor, where police "successfully extracted" and "thoroughly analyzed" thousands of messages, contacts, images, audio files, videos, and social media accounts from his phone. When contacted by the Committee to Protect Journalists (CPJ) about this surveillance activity, AccessData and its parent company Exterro declined to respond to questions about their technology's use in Botswana's press freedom violations.

Internal MISP references

UUID 358a4481-2de6-4f1d-a42f-6ba832fb43de which can be used as unique global reference for AccessData in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

Actuate

Actuate develops AI‑powered surveillance tools that turn existing security cameras into "smart detection systems." Its platform analyzes video feeds in real time to spot specific incidents, then alerts security staff or local authorities. In its "New Police Technology 2025" blog, Actuate promoted its products as a way for police to perform smarter policing and surveillance via AI analytics.

Internal MISP references

UUID 5150267a-0397-40ec-bc47-659954cfedb6 which can be used as unique global reference for Actuate in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://actuate.ai/']

Acxiom

Acxiom is a data broker and marketing technology company headquartered in Conway, Arkansas. Known for its extensive data collection and analytics capabilities, Acxiom aggregates and processes vast amounts of personal information, including demographic details, purchasing behavior, online activity, real-time location, and more. This data is used to create detailed consumer profiles, which are then sold to a wide range of clients, including advertisers, marketers, financial institutions, government agencies and political organizations. In the U.S, the company has held contracts with the Central Intelligence Agency (CIA), the State Department and other federal government agencies.

In 2014, Acxiom acquired LiveRamp, integrating its services to enable cross-device tracking and data onboarding, which helps connect online and offline consumer data. This partnership allows Acxiom to extend its data reach, offering even more granular insights into consumer behavior and location data to a broader range of clients. In 2018, Acxiom claimed to have data on over 2.5 billion people in over 62 countries, including 68% of the global online population.

Internal MISP references

UUID b3f50da6-5f58-4b4b-9a86-cce0dec7dea8 which can be used as unique global reference for Acxiom in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.acxiom.com/']

ADF Solutions

ADF Solutions is a provider of digital forensic and surveillance technologies designed for law enforcement, intelligence, and investigative agencies. Its tools collect, analyze, and manage digital data forcibly extracted from computers, mobile devices, and other digital media.

The company collaborates extensively with police and government agencies worldwide and helps integrate its tools, like the Digital Evidence Investigator and Mobile Device Investigator, into their systems.

Internal MISP references

UUID e15225d1-80fa-4716-8d5c-d3296775262d which can be used as unique global reference for ADF Solutions in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.adfsolutions.com/']

Aegis

Aegis is one of the products offered by Semptian, a Chinese company, designed to be installed inside phone and internet networks. It is used to secretly collect people’s email records, phone calls, messages, geolocation data, and web browsing histories.

Internal MISP references

UUID ba31d0d6-12d9-46e8-b40f-53473ffc4223 which can be used as unique global reference for Aegis in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

AeroVironment

AeroVironment builds lightweight, hand or tube-launched uncrewed aircraft such as the Raven, Puma and JUMP 20 and equips them with miniature multi-sensor gimbals that stream real-time daylight, infrared and mapping data for surveillance purposes. The company's Nano Hummingbird is a palm-sized surveillance drone that mimics the appearance and flight of a real hummingbird.

The U.S. Border Patrol operates the Puma 3 AE to surveil remote stretches of the southwest border. More than 50 governments around the world have adopted drones built and customized by AeroVironment for intelligence gathering and surveillance.

Internal MISP references

UUID afb33a3e-e3f7-434f-a173-c93d85d1a788 which can be used as unique global reference for AeroVironment in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.avinc.com/']

Aeryon Labs

Aeryon Labs, now part of FLIR Systems, is a provider of high-performance surveillance drones and related software. Its SkyRanger drone is designed for real-time aerial surveillance and has been integrated into policing platforms like the Microsoft Advanced Patrol Platform (MAPP). The SkyRanger provides law enforcement agencies with live video feeds during patrols and operations. The drone's features include high-resolution cameras, automatic license plate readers, and proximity sensors, all connected to cloud platforms like Microsoft Azure for data analysis and storage.

Internal MISP references

UUID b93e08e1-84aa-44cb-8361-bcfa0eb0f048 which can be used as unique global reference for Aeryon Labs in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

Agnitio

Agnitio, a company specializing in biometric identification and surveillance technologies, developed several advanced tools for security and surveillance applications. Through its flagship product, BATVOX, Agnitio’s technology can analyze and verify a person's identity based on their voice. It also provides facial recognition systems that can identify or verify individuals by analyzing facial features. Its primary clients include police, intelligence, military, and government organizations. It operates in at least 35 countries worldwide. In 2016, it was acquired by Nuance Communications, which itself was acquired by Microsoft in 2022.

Internal MISP references

UUID 933acc55-2b5e-46f2-a187-a991b317df48 which can be used as unique global reference for Agnitio in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

AheadX

AheadX is a Chinese company that develops unmanned aerial vehicles (UAVs) and surveillance drones. The company's drones have been linked to Myanmar's military junta, which has utilized them for surveillance against resistance forces.

AheadX drones, such as the QP530, offer capabilities for multi-target recognition, which includes recognizing characters and vehicles. Their drones also support AI recognition customization for specific targets.

Internal MISP references

UUID 84dd992a-b824-4cb6-aef4-cca6abf7bafd which can be used as unique global reference for AheadX in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://m.aheadx.com/', 'http://aheadx.com/']

Airbotics

Airobotics is an Israeli startup specializing in the development and operation of autonomous unmanned aircraft systems (UAS). The company offers fully automated solutions for data capture and analysis. Their drones, such as the Optimus system, are designed to perform a range of tasks including real-time aerial surveillance. These drones are capable of operating 24/7 without human intervention, designed for continuous surveillance and data collection. In 2022, it was acquired by US company Ondas Holdings, a provider of technology platforms that digitize industrial and government operations.

Internal MISP references

UUID d6ddaf05-9af7-416e-b401-4d785198f30f which can be used as unique global reference for Airbotics in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.airoboticsdrones.com/']

Almenta

Almenta is a surveillance firm based in Bulgaria and run by Israeli operators, including CEO Ari Covitz. It develops Wi-Fi-based hacking tools, which it showcased at the Milipol homeland security conference. The company offers a product called WiNA-P, which enables a variety of attacks on smartphones by exploiting Wi-Fi networks. These attacks include delivering malware to extract data from apps like WhatsApp, Telegram, Facebook, and Skype, as well as phishing capabilities to steal login credentials through fake landing pages. Almenta also advertises an "Account Grabber" feature to identify iCloud or Android accounts by sending deceptive messages to targets.

Alongside WiNA-P, Almenta promotes a product called “Observer,” which offers “worldwide geo location,” as described in a blurb on Milipol’s website. A brochure for “Observer” reveals that, with only a target’s mobile phone number, the device’s location can be pinpointed and displayed on a Google Maps interface.

The company claims its tools can operate from up to 500 meters away and target as many as 50 devices simultaneously. Almenta's technology reportedly relies on tools from other Israeli surveillance firms, such as WiSpear and Jenovice, with costs for such systems starting at $1 million.

Internal MISP references

UUID f6074744-ef30-4334-9831-c120784aa375 which can be used as unique global reference for Almenta in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://almentagroup.com/']

Alpheratz

Alpheratz is a security and intelligence solutions distributor based in Quito, Ecuador. Founded in 2014, the company serves as a regional representative of surveillance tools, primarily working with Ecuadorian public institutions including the national police force, joint armed forces command, and the office of the prosecutor general.

As a distributor, Alpheratz represents various international intelligence firms, including Israeli cyber intelligence companies that are part of Tal Dilian's Intellexa network, and acts as their representative in Ecuador. According to Intelligence Online, Alpheratz also represents other intelligence companies, including Sweden's MSAB, Canada's Magnet Forensics and Polish big data analytics specialist Datawalk.

The company's full legal name is Soluciones Globales & Representaciones Alpheratz Cia. LTDA.

Internal MISP references

UUID ec08371f-5b83-4533-8ca7-cbb3240c9c7c which can be used as unique global reference for Alpheratz in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.alpheratz.us/']

Amesys

Amesys is a French company known for the sale of a program called Cerebro, capable of tracking the electronic communications of its targets, including email addresses and phone numbers. In 2007, it reportedly sold surveillance technology to Libya, which was used by the Gaddafi regime to arrest and torture critics of the regime. Former managers of Amesys went on to run Nexa Technologies, which, in 2014, sold an interception system to the Egyptian regime under the name Eagle. The system was used in connection with the detention and torture of political opponents of the Al-Sissi regime. Eagle was deployed and maintained by Amesys from 2007 to 2011. In 2021, executives of Amesys and Nexa Technologies were indicted for complicity in torture.

The company rebranded to Advanced Middle East Systems and moved its operations to the United Arab Emirates.

Internal MISP references

UUID 802a45b3-500b-4eb4-8aa9-104f1fc2bb47 which can be used as unique global reference for Amesys in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

Analytical Business Solutions

Analytical Business Solutions is a company that develops surveillance and data management technologies. It's the developer of the Semantic Archive intelligence system, which it describes as a tool for creating an integrated storage of information. This system is designed to consolidate and organize data from various communication streams into a searchable database for data retrieval and analysis.

The Semantic Archive system reportedly supports SORM-3, a Russian surveillance framework, by facilitating the processing and management of data collected from diverse communication channels.

Internal MISP references

UUID c2695ea9-838c-4435-8e41-828ebae6a565 which can be used as unique global reference for Analytical Business Solutions in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['http://old.anbr.ru/', 'http://old.anbr.ru/en/']

Anomaly Six

Anomaly Six (A6) is a Virginia-based company founded in 2018 by two ex-military intelligence officers. The company claims to have the capability to track approximately 3 billion devices in real time through GPS data collected via smartphone apps. According to a report by The Intercept, their surveillance system operates by gathering location data through partnerships with "thousands" of apps using software development kits (SDKs). The company also claimed to have the capability to unmask and track intelligence agency (CIA and NSA) personnel during a pitch to Zignal Labs, a social media monitoring company. The company proposed a joint venture with Zignal Labs that would enable the U.S. government to conduct seamless surveillance operations on adversaries. Anomaly Six's capabilities are largely made possible through the advertising industry's data collection practices, highlighting the connection between commercial data brokers and surveillance techniques.

U.S. Special Operations Command (SOCOM) paid $589,500 to Anomaly Six in September 2020 for a "Commercial Telemetry Feed." The company's co-founder, Brendan Huff, previously managed Defense Department relationships of another U.S surveillance company called Babel Street.

Internal MISP references

UUID 2ef66a56-03d8-4fa5-99a8-3cbeb5db2c78 which can be used as unique global reference for Anomaly Six in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.anomalysix.com/']

AnyVision

AnyVision, an Israeli company with an international presence, is behind advanced tactical surveillance software used to monitor the movements of Palestinians. Their flagship facial recognition product, Better Tomorrow, is an automated watchlist alerting system that identifies persons of interest and their contact history in real-time.

The company's CEO is a former operating partner at SoftBank's investment arm, which co-led a large fundraising round for the company alongside Eldridge, an American holding company headquartered in Connecticut. A few months after the extent of their surveillance systems were exposed in U.S schools, they rebranded to Oosto and resumed operations.

Internal MISP references

UUID c0624364-40dd-4dee-9b91-46e5b592d1cb which can be used as unique global reference for AnyVision in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://oosto.com/']

Appin

Appin was an Indian hack-for-hire company founded in 2003 by brothers Rajat and Anuj Khare, and involved in extensive surveillance activities. Operating through various subsidiaries including Appin Software Security Pvt. Ltd. and the Appin Security Group, the company positioned itself as a cybersecurity solutions provider. While publicly presenting itself as the "world's 4th largest Critical Infrastructure Security Solutions Company", the company was reportedly involved in hack-for-hire activities, including espionage and targeted surveillance. The company served a wide range of clients, including Israeli private detectives Aviram Halevi and Tamir Mor, who alone commissioned surveillance operations on dozens of targets.

Appin has garnered attention for its aggressive legal campaign to suppress reporting about its past activities, most notably forcing Reuters to temporarily remove an investigative article through an Indian court order. The Association of Appin Training Centers, a successor organization, has pursued legal action against multiple media outlets to remove references to Appin's illegal hacking operations, though this effort has faced resistance from organizations like the Electronic Frontier Foundation and DDoSecrets.

The company's influence persists through numerous successor organizations, with former Appin employees establishing and operating their own firms that continue similar surveillance and hacking operations.

Internal MISP references

UUID 849bac87-d549-44a8-a599-608806278392 which can be used as unique global reference for Appin in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

AppLogic Networks

AppLogic Networks (formerly Sandvine) is a Canadian network intelligence company. A 2018 report by Citizen Lab found Sandvine DPI equipment being used in Turkey, Egypt, and elsewhere to block news, political sites, and inject spyware into downloads. In in 2020, Masaar conducted tests revealing that Sandvine equipment was used to block access to press and human rights websites in Egypt. In 2025, Amnesty International reported that Sandvine technology was central to Pakistan’s first national firewall system (WMS 1.0), enabling mass surveillance and censorship of online communications.

Internal MISP references

UUID 13c44b68-0107-4f54-afd2-95538e41360a which can be used as unique global reference for AppLogic Networks in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.applogicnetworks.com/']

AppsFlyer

AppsFlyer collects and processes data using software development kits (SDKs) integrated into apps, which track user behavior and device identifiers. The company built settings that let their clients ignore people’s tracking preferences. AppsFlyer was noted to collect data such as Advertising IDs, GPS coordinates, user birthdays, gender, "target gender" (data on sexual orientation) and various metadata from apps like Tinder, Grindr, OkCupid, amongst many others, creating detailed user profiles and their activities.

Founded in Israel in 2011, the company also operates from an additional office in San Francisco, California.

Internal MISP references

UUID d9f5853b-2805-48ad-b8ce-cb6b5609ad65 which can be used as unique global reference for AppsFlyer in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.appsflyer.com/']

Asia Global Technologies (AGT)

Led by Israeli entrepreneur Mati Kochavi, Asia Global Technologies (AGT) won a contract from the Abu Dhabi government in 2008 to create a “smart city” network of surveillance cameras, electronic fences and sensors that paid about $6 billion over seven years.

Internal MISP references

UUID e1966d14-8e01-4f0d-badc-0f81a09c4a9c which can be used as unique global reference for Asia Global Technologies (AGT) in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

Assac Networks

Assac Networks is an Israeli company that provides smartphone monitoring technologies. Its clients include other companies engaged in surveillance activities, such as Elbit Systems, Verint, and Rafael Advanced Defense Systems Ltd. Their mobile surveillance technologies are used by law enforcement agencies in Mexico, Colombia, Canada, Spain, and Singapore, amongst other countries. The company was also awarded a government contract from one of the Gulf Cooperation Council countries, although it is not known which one, as well as in at least 3 countries in Africa. In 2022, the company announced a major strategic investment and acquisition by ASPIS Technologies, Inc.

Internal MISP references

UUID eda66034-a4f8-45af-a991-346284826e4c which can be used as unique global reference for Assac Networks in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://assacnetworks.com/']

Ateros

Ateros develops advanced wireless surveillance sensors to monitor Cellular, Wi-Fi, and Bluetooth communications, creating detailed communication fingerprints of targets. It claims to service customers in the Americas, EMEA and APAC regions. The products are primarily utilized for surveillance purposes by law enforcement, intelligence units, and at checkpoints and borders.

Internal MISP references

UUID d9c04e89-531e-4a47-95d3-3ecb239e38ca which can be used as unique global reference for Ateros in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.ateros.net/']

Athena Information System

Athena Information System, a Hanoi-based company, facilitates Vietnam's surveillance efforts targeting Khmer minorities. Acting as a local partner, Athena enabled the purchase of OSINT tools, including solutions from Maltego Technologies and Social Links, as well as MD-VIDEO AI digital forensic software developed by South Korea's GMDSOFT to be used for this purpose.

Internal MISP references

UUID ea500754-f261-4da1-b80a-ade7936cc18c which can be used as unique global reference for Athena Information System in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

Autel

Autel Robotics, a Chinese drone manufacturer, is a producer of drones with capabilities such as high-resolution cameras, precise surveillance tools, and the ability to carry out military functions like shooting or carrying payloads. Autel drones have been widely deployed in various conflict zones.

The Israeli Defense Forces (IDF) make extensive use of Autel drones. According to the Euro-Med Human Rights Monitor, while they were initially deployed for surveillance and intelligence gathering, including for indoor operations, their use later expanded to include direct attacks on Palestinian civilians, including children, women, and the elderly.

Autel drones are widely used by law enforcement agencies in the U.S, and have also been adopted by the British Army and UK police forces, including those in Nottinghamshire and Wiltshire. The company has a registered office in the UAE.

Internal MISP references

UUID be5dc2b3-5249-4317-9043-d934c3d7c0e4 which can be used as unique global reference for Autel in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://autelrobotics.com/']

Auterion

Auterion provides software platforms like AuterionOS and Mission Control to manage drone-based surveillance operations. These tools enable autonomous mission planning, real-time data management, and live video streaming. The systems support various surveillance tasks by integrating payloads such as NextVision cameras, designed primarily for defense, law enforcement, and use by government agencies.

Internal MISP references

UUID 2fc100db-f474-4890-81c1-074d67b471be which can be used as unique global reference for Auterion in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://auterion.com/']

AuthenMetric

AuthenMetric is a Beijing-based facial recognition company and a contributor to China's AI-driven surveillance initiatives. Their capabilities include mass video surveillance projects with facial recognition, voice-recognition software, and comprehensive DNA collection programs. AuthenMetric's technology has been deployed at China's borders.

Internal MISP references

UUID e1510443-c1fc-4281-990b-c13b2da13664 which can be used as unique global reference for AuthenMetric in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

Avalanche

Avalanche, also known as Lavina-Pulse, is a Russian big data surveillance and online manipulation tool founded by Andrei Masalovich, a former KGB agent turned YouTube influencer. The platform provides web scraping and surveillance on behalf of its clients, gathering data from social networks, private groups, and niche forums to track and analyze individuals and organizations.

Avalanche's clients include Russian intelligence agencies (FSB and GRU), energy giants like Rosatom, Rosneft, and Gazprom, and regimes in countries such as Vietnam, Myanmar, and Nicaragua. The tool has been used to monitor environmental activists, journalists, NGOs, and political dissidents.

More than 100 accounts on Facebook and Instagram were linked to its services, according to a report by Meta.

Internal MISP references

UUID 212b1541-3541-4420-a838-37142b3223c3 which can be used as unique global reference for Avalanche in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://avl.team/']

Avathon

Avathon, formerly known as SparkCognition, markets its Visual AI Advisor as a tool for real-time surveillance and monitoring, using existing CCTV infrastructure to track, analyze and predict behavior.

SparkCognition has connections to controversial lobbying efforts, revealed in the scandal involving retired U.S General John Allen and his undisclosed financial ties to Qatar. Court filings revealed that Allen, while working with Qatari officials, sought to advance the interests of companies he was affiliated with, including SparkCognition. As a board member of SparkCognition, Allen reportedly used his position to promote the company's AI tools and services during his interactions with Qatari officials.

SparkCognition's Visual AI Advisor is deployed across over 130,000 cameras in 16 countries. The company's SkyGrid technology is installed in over 78,000 registered unmanned aerial vehicles (UAVs) across more than 190 countries.

Internal MISP references

UUID ca022815-354d-4892-b88e-2f4e49b7d12d which can be used as unique global reference for Avathon in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://avathon.com/']

Avigilon

Avigilon, a subsidiary of Motorola Solutions, specializes in the design, development, and manufacture of advanced surveillance solutions that integrate artificial intelligence (AI) capabilities. Their products include high-definition cameras, video management software, and AI-powered analytics tools. One of the company's developments is the Avigilon Appearance Search technology, an AI-powered tool embedded in their Avigilon Control Center (ACC) video management software. This technology allows customers to search for individuals based on specific physical characteristics, such as hair and clothing color, gender, and age, effectively turning surveillance systems into tools for profiling. Avigilon's cameras are used in prisons, airports, schools and government facilities.

Internal MISP references

UUID 6a14f0b5-dcaf-4466-baf6-2255def849cc which can be used as unique global reference for Avigilon in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.avigilon.com/']

Avnon Group

Avnon Group is an Israeli firm that develops and distributes surveillance technologies through various subsidiaries, such as Bler and Tactic Lab. It's founded by Tomer Avnon, a former Israeli Navy SEAL.

The company offers various tools for intelligence and law enforcement, like IMSI catchers and Wi-Fi sniffing equipment, to enable real-time mobile tracking and wireless communication interception. According to its official website, it operates in over 80 countries worldwide.

Avnon has established partnerships with various countries in the SWANA region, including Morocco and several Gulf nations. The company also has a significant relationship with Egypt, where its subsidiary Bler sold its monitoring tools, specifically its Webint Center platform, to Egypt's Technical Research Department through intermediaries.

Avnon sold social media-tracking software to Hungary, allowing the government to monitor online discourse and public opinion. The sale was approved by Israel's Defense Ministry.

Related to Avnon Group is Synaptech Capital, the first Israeli-Emirati venture capital fund to invest in Israeli and Emirati startups - including ones that develop and distribute surveillance technologies. Synaptech Capital was co-founded by Tomer Avnon and Obediah Ayton, COO of The Private Investment Group.

Internal MISP references

UUID 59fda361-9c23-4eb9-8204-79891fcd5854 which can be used as unique global reference for Avnon Group in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://avnongroup.com/']

Axis Communications

Axis Communications, a Swedish company known for its network cameras and other surveillance solutions, has a presence in the United Arab Emirates and sells its products there. In 2014, Axis praised mandatory video surveillance in Dubai. In 2015, the company was acquired by Canon Inc. The company provided its technology to China's public security system and was frequently mentioned as a "recommended brand" in Chinese state surveillance procurement documents from 2012 to 2019.

Internal MISP references

UUID 533fad4c-7dee-4190-b3bd-45863aa741c1 which can be used as unique global reference for Axis Communications in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.axis.com/']

Axon

Axon is a company that provides surveillance technologies primarily for law enforcement agencies worldwide. Their Axon Network connects people, devices, and apps to create an integrated ecosystem that includes TASER smart devices, police body cameras, and digital evidence management systems. Their surveillance technology portfolio includes realtime crime centers through their Axon Fusus platform. Axon's AI-powered ALPR cameras include the Axon Outpost, which integrates livestreaming, ALPR, and vehicle recognition capabilities into a single comprehensive device.

Internal MISP references

UUID 3e242feb-e3ba-49ff-bb24-941d243132f5 which can be used as unique global reference for Axon in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.axon.com/']

Azimuth Security

Azimuth Security is an Australian cybersecurity firm best known as a "hack for hire" group that creates hacking tools, including those capable of breaking into iPhones. The company has gained recognition for its "artisanal" approach to developing exploits to craft precise and effective solutions. Azimuth's work has been utilized by law enforcement and government agencies, often in high-profile cases requiring advanced technical capabilities. In 2018, it was acquired by U.S. defense contractor L3Harris.

Internal MISP references

UUID 5bf93d86-8e25-4437-8df8-9303ee20f190 which can be used as unique global reference for Azimuth Security in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.azimuthsecurity.com/']

Babel Street

Babel Street provides tools that analyzes and monitors social media and other online sources for law enforcement and intelligence purposes. Used by U.S Secret Service, it can scrape data from over 25 social media sites, translate over 200 languages, and set up geo-fences with customizable filtering options. The software can also survey sentiment geographically over time and import data to other surveillance platforms like Palantir.

One of its primary AI products, Babel X, is used by the U.S Customs and Border Protection (CBP) to analyze the social media of U.S. citizens, refugees, and asylum seekers. Babel X can link social media posts to individuals' Social Security numbers, location data, and collect a wide range of other identifiers, including IP addresses, employment history, and unique advertising identifiers. CBP also uses Locate X, an add-on that includes smartphone location data, and has access to AdID information. Locate X can zoom into a specific location and display the movements of smartphones in that area. Each phone, represented by a red dot on the map, can be tracked individually. The tool can show the path a specific device has taken, including stops at various locations.

Babel Street's acquisitions include intelligence company Vertical Knowledge in 2024, Rosette, a text analytics platform, in 2022, and Dunami, a social media intelligence company, in 2020. Its board of advisers includes Robert Ashley, ex-director of the Defense Intelligence Agency.

Internal MISP references

UUID 4eec77d3-35b8-4943-92a8-b2d5fa1bc61d which can be used as unique global reference for Babel Street in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.babelstreet.com/']

BadBazaar

BadBazaar is a mobile spyware tool with variants targeting both Android and iOS devices. It has been linked to Chinese-backed hacking groups, such as APT15. This group is known by various names assigned by different cybersecurity organizations, including Vixen Panda, Ke3chang, Nickel, Playful Taurus, BackdoorDiplomacy, Mirage, GREF, RoyalAPT, Nylon Typhoon, Flea, and Red Vulture.

BadBazaar has primarily been used to target Uyghur, Tibetan, and Taiwanese individuals, as well as civil society actors who may oppose Chinese state interests.

The spyware is distributed through trojanized apps, including fake versions of popular communication tools like Signal and Telegram, as well as apps tailored to specific communities, such as Uyghur-language Quran apps. Once installed, BadBazaar can collect sensitive data, including call logs, GPS locations, SMS messages, and files. The spyware has also been observed spreading via social media platforms and official app stores.

The Chengdu-based contractor, Sichuan Dianke Network Security Technology Co., Ltd. (also known as UPSEC), was linked to the deployment of this malware.

Internal MISP references

UUID 8511d7dd-fbb8-45b0-b1fa-3fe24b974053 which can be used as unique global reference for BadBazaar in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

Balgh

The Balgh (بلغ - meaning "report" in Arabic) platform, launched by Iraq's Ministry of Interior in January 2023, is a digital tool designed to allow citizens to report social media content deemed to "violate public morals" or "undermine social stability." Within just over a month of its launch, the platform received over 96,000 reports, resulting in prosecutions and prison sentences for individuals accused of publishing content deemed critical or offensive, including creators of music and comedy.

In a statement co-signed by the nonprofit INSM for Digital Rights in Iraq on January 2025, marking two years since the launch of Balgh, human rights organizations highlighted how the platform has enabled a pervasive culture of widespread surveillance and fear online. It has encouraged individuals to monitor and report one another to the Iraqi authorities, leading to arrests and interrogations.

Internal MISP references

UUID 69f04920-9672-46cb-8293-5aafedfd6465 which can be used as unique global reference for Balgh in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

Barbaricum

Barbaricum, a Washington, D.C.-based security and intelligence contractor, held a $5.5 million contract with U.S. Immigration and Customs Enforcement (ICE) to monitor social media for threats and negative sentiment about the agency. The monitoring services provided under this contract included real-time surveillance, behavioral and sentiment analysis, and the tracking of negative references to ICE found on social media platforms.

Internal MISP references

UUID a42a7f07-6e88-41d3-b2dd-b9c8c973a375 which can be used as unique global reference for Barbaricum in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://barbaricum.com/']

BeeSense

BeeSense is an Israeli company that develops multi-sensor systems and wireless communication technologies for intelligence gathering and surveillance purposes. Its systems, such as the BEE-3 and FireFly, provide day-and-night observation capabilities and are designed for applications like border control. BeeSense has been endorsed by the European Union’s border agency, Frontex, which shortlisted the company for its surveillance solutions.

BeeSense is the rebranded name of Seraphim Optronics following its acquisition by the Avnon Group in July 2021.

The company's founder, Israel Kasher, who has served as President and CEO since its establishment in 1993, previously worked with a technical unit of the Israeli Defense Forces (IDF) Intelligence Corps.

Internal MISP references

UUID df5dcfb7-10da-4a0c-8825-a30cf6e3cfd3 which can be used as unique global reference for BeeSense in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://beesense-sys.com/']

BellTroX

BellTroX InfoTech Services is an Indian IT firm offered its hacking services to help clients spy on more than 10,000 email accounts over a period of seven years. A cache of data reviewed by Reuters provides insight into the operation, detailing tens of thousands of malicious messages designed to trick victims into giving up their passwords that were sent by BellTroX between 2013 and 2020. The data was supplied on condition of anonymity by online service providers used by the hackers after Reuters alerted the firms to unusual patterns of activity on their platforms. Citizen Lab revealed in an investgiation that Dark Basin is a hack-for-hire organization linked to BellTroX. Their report also noted that Dark Basin is the group behind the phishing of organizations working on net neutrality advocacy, uncovered by a report by the Electronic Frontier Foundation.

Internal MISP references

UUID 1b2fc8cf-4be1-43af-9bee-f03ee9dbb71c which can be used as unique global reference for BellTroX in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

Berico Technologies

Berico Technologies provided analytics solutions and surveillance technologies for government clients, including social media analysis for intelligence purposes. Patrick Ryan, who worked at Berico as a data mining expert, was involved in a proposal aimed at implementing real-time surveillance of politically active individuals and groups in the USA. In partnership with Palantir Technologies and HBGary Federal, the proposal would have included spying on the families of prominent Democratic activists and planting fabricated documents within labor unions to undermine their credibility. Novetta, Inc., a portfolio company of The Carlyle Group, acquired Berico Technologies in November 2018 for an undisclosed sum. Novetta was then acquired by Accenture Federal in 2021.

Internal MISP references

UUID 16695625-1695-414f-a2b8-225104d4489b which can be used as unique global reference for Berico Technologies in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

Berla

Berla is a Maryland-based company that develops vehicle forensics products, with its primary tool, Project iVe, allowing law enforcement to extract and analyze vast amounts of data from vehicles. This includes vehicle-generated information such as GPS logs, door activity, and even data from connected devices like smartphones via Bluetooth or USB.

Berla collaborates with automobile manufacturers and the U.S. Department of Homeland Security (DHS), ensuring law enforcement has access to vehicle data while bypassing smartphone encryption. The company claims its technology can access data from over 6,700 car models globally.

Internal MISP references

UUID a7ad94d8-b35c-4947-981e-3f5933bbd36d which can be used as unique global reference for Berla in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://berla.co/']

BGH Tech Partner

Boris Garfunkel e Hijos (BGH) is an Argentinian company that distributes surveillance technologies to law enforcement agencies. According to press reports, this includes facial recognition software as well as license plate readers. The company also sells Hikvision products.

Internal MISP references

UUID 6b695239-0f2d-464c-a349-4746a9cbd47e which can be used as unique global reference for BGH Tech Partner in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

BI Incorporated

BI Incorporated is a subsidiary of the GEO Group, a private prison company that operates more than a dozen for-profit immigrant detention centers nationwide on behalf of ICE (Immigration and Customs Enforcement) in the United States. BI Incorporated operates the technology and manages the system for the U.S. government's Alternatives to Detention program. This program uses various surveillance tools to monitor migrants and asylum seekers awaiting their immigration proceedings. The surveillance technologies used in the Alternatives to Detention program include GPS-enabled ankle monitors, voice recognition technology, and a mobile app called SmartLINK that uses facial recognition software and geolocation for check-ins. The program's surveillance creates "digital enclaves" - areas with high concentrations of monitored migrants, effectively extending the border's reach into various U.S. cities and neighborhoods.

According to The Guardian, "BI Incorporated operates the Intensive Supervision Appearance Program (ISAP), a surveillance system launched in 2004 and pitched as a way to keep immigrants out of detention centers while they await a court hearing on their legal status. The U.S government pays BI hundreds of millions of dollars a year to run ISAP, and in 2020, the company signed a new five-year contract with ICE for nearly $2.2 billion."

The company is expanding its surveillance toolkit. In April, 2023, ICE announced it was pilot testing a facial recognition smartwatch as a potential addition to their e-monitoring systems. In 2025, it was revealed that ICE intends to expand its surveillance program by fitting over 180,000 immigrants with ankle monitors (and wrist trackers for pregnant women) while they await court proceedings. These devices are supplied and managed by BI Incorporated.

Internal MISP references

UUID 69075744-f707-4af2-87c5-5d9f0846f514 which can be used as unique global reference for BI Incorporated in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://bi.com/']

BI2 Technologies

BI2 Technologies is a developer of biometric identification systems. Their main product is called I.R.I.S., which scans a person’s iris to quickly check their identity. They also have a mobile system called MORIS that can capture iris and facial data using a smartphone or tablet, allowing law enforcement to identify people in the field.

In October 2025, an article in the Washington Post revealed that the company is a contractor for U.S. Immigration and Customs Enforcement (ICE). ICE awarded the company a sole-source contract worth $4.6 million to provide a mobile iris-scanning system for use by its agents. Border sheriffs along the U.S.-Mexico border have also adopted the company's iris-recognition technology.

Internal MISP references

UUID 8736644b-3400-4ac5-aa5c-248088c46490 which can be used as unique global reference for BI2 Technologies in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://bi2technologies.com/']

BigBear.ai

BigBear.ai is a provider of AI-powered decision intelligence solutions, including predictive analytics, computer vision, and event alerting technologies. Their products utilize AI and machine learning to provide surveillance capabilities. The company actively collaborates with government agencies, including the Department of Defense (DoD), Department of Homeland Security (DHS), and the Intelligence Community (IC). BigBear.ai's surveillance capabilities include monitoring and analyzing social media as part of its Virtual Anticipation Network (VANE).

In 2024, BigBear.ai acquired Pangiam, a company that provides surveillance tools including facial recognition systems for border control agencies.

Internal MISP references

UUID f3952ae5-b2a4-479d-9ad5-efbc42eb9a67 which can be used as unique global reference for BigBear.ai in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://bigbear.ai/']

Bilgi Teknoloji Tasarım

Bilgi Teknoloji Tasarım (BTT) is a Turkish spyware manufacturer that also facilitates surveillance technology sales, often employing deceptive practices to bypass export restrictions. According to an Al Jazeera investigation, BTT's co-founder, Alper Tosun, proposed using the "dual-use" ruse to market surveillance equipment as benign telecom tools. This tactic allowed BTT to sidestep international regulations and sell powerful interception tools, such as IMSI-catchers, to repressive regimes.

BTT's controversial history includes its exposure in the 2015 Hacking Team leaks, which revealed its intermediary role in supplying surveillance software to Bangladesh's National Telecommunication Monitoring Centre (NTMC). Following these revelations, BTT underwent significant transformations. It was acquired in 2017 by the Emirati firm B Research and Development but later ceased operations. However, its spyware and surveillance activities continued through corporate rebranding and restructuring.

In 2022, BTT reemerged as Ikon Arge Teknoloji, a Turkish-Singaporean entity with ties to Southeast Asia. Ikon inherited BTT's expertise and staff, including its former R&D chief Alper Tosun, before his "retirement." Officially, Ikon focuses on software R&D, including drone technology, and serves Turkish government agencies like TUBITAK while maintaining a presence in Southeast Asia through its Singapore branch. Despite its claims of working in sectors like banking, Ikon's history and connections suggest a continued involvement in surveillance technologies. Lam Chee Loong is a key figure in BTT's Singapore operations.

Internal MISP references

UUID b2d5fc48-d200-49ad-b523-f0edfd565d22 which can be used as unique global reference for Bilgi Teknoloji Tasarım in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['http://www.btt-int.com/']

Bindecy

Led by Eylon Ben Yaakov and Daniel Shapiro, both formerly of IT security research start-up KayHut, the company provides a range of digital surveillance tools and has secured cyber offensive contracts with Israeli intelligence services. Additionally, Bindecy advanced its capabilities by acquiring intellectual property from the former Israeli spyware firm Merlinx (which supplied its tools to Bangladesh's intelligence service, via Israeli-PC integrator Prelysis.)

Internal MISP references

UUID 768c4250-f77c-4252-a000-d436403de9e0 which can be used as unique global reference for Bindecy in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.bindecy.com/']

BITS Pilani

BITS Pilani is one of India’s premier institutes for higher education and research. In collaboration with the Goa Police, BITS Pilani developed an AI-based radical content analyzer designed to monitor and analyze online and offline content, including videos, for specific sentiments. The institute also develops IoT-based smart surveillance cameras with face detection, which it showcased in a workshop in the UAE.

Internal MISP references

UUID 7c912fbe-bdc4-4d8e-9ef0-7cfdae26e497 which can be used as unique global reference for BITS Pilani in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.bits-pilani.ac.in/']

Black Cube

Black Cube is a private intelligence agency based in Israel that provides intelligence and investigative services to a wide range of clients. The agency was founded by former Israeli intelligence officers, with offices in London and Madrid. Black Cube is known for conducting corporate espionage, intelligence gathering, and investigations on behalf of corporations, governments, and high-profile individuals worldwide. Its clients include Harvey Weinstein and Trump. It was banned by Meta for its surveillance activities on its platforms. Its international advisory board included Meir Dagan, former head of Mossad, and Yohanan Danino, former Israeli Police Commissioner, as well as Major General Giora Eiland, former head of the Israeli National Security Council, and who headed the IDF's Operation Branch. Former NSO CEO Shalev Hulio admitted to hiring Black Cube at in at least one situation in Cyprus.

Internal MISP references

UUID c0afb52e-85dc-4716-9d34-17031f51f9c3 which can be used as unique global reference for Black Cube in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.blackcube.com/']

Black Wall Global

Led by Israeli intelligence veterans, Black Wall Global is an entity based in Dubai that serves as a back-channel for Arab countries seeking to procure and deploy Israeli surveillance technologies. This includes technologies developed by Israeli companies like Israel Aerospace Industries (IAI), Elbit Systems, and others, specifically to obtain access to advanced surveillance drones and systems for intelligence gathering.

Internal MISP references

UUID f360b3ea-fe12-48d8-aa7e-077cf5299cd2 which can be used as unique global reference for Black Wall Global in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.blackwall.global/']

BlackBag Technologies

BlackBag Technologies develops digital forensic and incident response software for analyzing traditional device data for Windows, Mac, iPhone and Android devices. It was acquired by Cellebrite, the Israeli company which works with police departments and government agencies to unlock phones for data-scraping purposes. It's funded by In-Q-Tel, which is a CIA-owned investment firm that supports U.S intelligence capabilities.

Internal MISP references

UUID ef8165ca-9296-476b-8c9d-4233e53579dd which can be used as unique global reference for BlackBag Technologies in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

Blackdot Solutions

Blackdot Solutions, a Cambridge-based company, offers a surveillance and investigation platform called Videris, which is marketed as an open-source intelligence (OSINT) tool. Videris is designed to help government agencies, law enforcement, banks, and corporations conduct discreet investigations into crimes. It organizes publicly available information into charts and graphs for easier analysis. However, a leaked 2018 user manual revealed that Blackdot provided instructions on creating fake Facebook and LinkedIn accounts to gather data from users, including circumventing privacy settings. These practices, which involve using proxy servers and "breaking in" fake accounts by mimicking normal user behavior, were detailed to avoid detection by social media platforms.

Internal MISP references

UUID 663c2f05-b79c-4d06-9a65-7824d459ebc2 which can be used as unique global reference for Blackdot Solutions in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://blackdotsolutions.com/']

Bler

Bler is an Israeli company founded by Efim Lerner and Uri Boros. It develops a range of surveillance tools, such as a GTM platform designed for in-depth analysis of social media profiles and interactions. Bler's Webint Center platform provides capabilities such as the geolocation of targets through social media metadata, avatar management systems, and Dark Web monitoring extensions. This platform was supplied to Egypt's Technical Research Department (TRD) via Singapore-based CloudCode and Ukrainian partner Cyberio.

Bler also developed an interception and social network monitoring system and utilizes IMSI catchers in its operations. This system, when associated with an IMSI catcher or a WiFi interceptor, can reconstruct the profile of smartphone users within a 600-meter radius.

The company operates as a subsidiary of Avnon Group.

Internal MISP references

UUID 70652499-73bd-4c81-9e9f-fc19d3d6accd which can be used as unique global reference for Bler in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.blersys.com/']

Blighter Surveillance Systems

Blighter Surveillance Systems develops electronic-scanning (e-scan) radar and surveillance technologies for border control and military applications. Their products include the B422 LR Border Surveillance System, which offers 360° e-scan coverage and long-range detection of individuals up to 15 km, and the Lightweight Mobile E-Scan Radar. These systems are accompanied by software solutions like the C2 Radar Command & Control Software, which integrates radar data for advanced target tracking. Their surveillance technologies are deployed in over 35 countries, often sold through subsidiaries.

Blighter also has a strategic partnership with Trust International Group (TIG), a key player in the UAE’s defense and intelligence sector under the Royal Group, led by Tahnoon bin Zayed, the son of Zayed bin Sultan Al Nahyan ( the founder of the UAE), and who has served as the country's National Security Advisor since 2016.

Internal MISP references

UUID e0c8e1e2-c039-47e1-9253-dde2a2cacc1a which can be used as unique global reference for Blighter Surveillance Systems in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.blighter.com/']

Blocksi

Blocksi uses AI and natural language processing (NLP) to scan students' digital interactions, including emails, documents, chats, and search queries within Google Workspace and Microsoft 365 environments.

Internal MISP references

UUID b1f43e63-af46-42b9-9b9f-e39b358cc7b4 which can be used as unique global reference for Blocksi in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://blocksi.net/']

Blue Ocean

Blue Ocean is an offensive cyber firm headquartered in Singapore and with offices in Tel Aviv, Israel. The company, founded in 2017 by retired Brigadier General Rami Ben-Ephraim and Lieutenant Colonel Ron Tira, both former high-ranking Israeli Air Force officers, develops spyware for intelligence gathering. It is also involved in training and developing local surveillance expertise in the funding countries. Towards the end of his military service, Ben-Afriam served as a military attaché for the IDF and the Ministry of Defense in several countries in the Asia-Pacific region, including Singapore, Thailand, and New Zealand.

Singapore's Ministry of Defense has contracted Blue Ocean to supply a team of researchers, a role previously filled by Israeli spyware developer Candiru, while Sweden has become the firm's primary European client, according to Intelligence Online.

The company's CEO, Avi Rosen, was previously the former CEO of Kamira, a cyber company established by NSO founders Shalev Hulio and Omri Lavie. Retired General Giora Eiland, known for his role on the board of private investigation firm Black Cube (whose clients include Harvey Weinstein and Trump), serves on Blue Ocean's board.

The company has special security approval, giving it economic immunity. Unlike other Israeli spyware firms facing export controls and U.S. restrictions, it has secured significant investments and operates internationally with less scrutiny.

Internal MISP references

UUID b0ee3151-2475-4426-8b6e-aecb797157cd which can be used as unique global reference for Blue Ocean in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

Bluehawk CI

Bluehawk CI is an Israel-based firm that reportedly offers a range of cyber intelligence and surveillance tools and services, including spyware and hacking tools. Like similar firms, Bluehawk CI markets its services to government agencies, law enforcement, and intelligence organizations. According to the Daily Beast, the company was founded by Guy Klisman, a former Israeli military intelligence officer, and describes itself as an intelligence firm staffed by “alumni from special units in the Israeli intelligence community.” The firm was used to dig up information on people with lawsuits against the emirate of Ras Al Khaimah in the UAE.

Internal MISP references

UUID b7339f5a-7ad4-4a5b-be80-94590dd1dca5 which can be used as unique global reference for Bluehawk CI in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

Bold Technologies

Bold Technologies, an Emirati company, is a supplier of cyber intelligence, forensics, and related tools to various government agencies. It's currently a partner in Abu Dhabi's $2.5 billion Aion Sentia initiative, an AI-powered smart city project launched in March 2025. It is working alongside Italian firm Negg, which is a developer of spyware technologies. The company is also partnered with China's Huawei.

Internal MISP references

UUID 70d72079-ede2-4f2c-aeff-685fa854887c which can be used as unique global reference for Bold Technologies in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

Boldend

Boldend, founded in 2017 by Jon Miller and based in San Diego, is a cybersecurity startup. It stays out of the spotlight and calls itself a "SaaS Next-Generation Defense Contractor." The company creates tools for cyber warfare, with an emphasis on automation and advanced intelligence activities. Boldend's tools have reportedly been able to exploit WhatsApp's security to install malicious software on target devices.

Its products include Origen, described as an "all-in-one malware platform" that enables the creation of malware for multiple platforms, including Windows, Linux, Mac, and Android. It is designed to hack into devices and extract data. Additionally, Boldend has developed other tools and platforms for surveillance purposes, such as Kevlar (implant analysis), Hedgemaze (traffic obfuscation), and Cricket (Wi-Fi attack hardware).

Boldend has primarily worked with government entities, including various branches of the U.S. government. In August, 2024, it was acquired by SIXGEN, a cybersecurity company.

Internal MISP references

UUID 3859595c-3bbd-4436-89e2-57578c83b1fe which can be used as unique global reference for Boldend in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://boldend.com/']

Booz Allen Hamilton

Booz Allen Hamilton is an American management and IT consulting firm with extensive ties to U.S. intelligence, defense, and homeland security agencies, providing strategic and technological support to government operations, including for surveillance purposes. The company offers data analytics, cybersecurity, and AI-powered monitoring tools, enabling real-time tracking, risk assessment, and predictive modeling.

Booz Allen has provided services to U.S. Immigration and Customs Enforcement (ICE), including technical support for surveillance programs targeting immigrants and border activities. These contracts have included work on biometric data systems, information-sharing platforms, and analytics tools that support ICE's enforcement and deportation operations.

Internal MISP references

UUID 5db7615b-1359-410d-96c2-3c6d2117022a which can be used as unique global reference for Booz Allen Hamilton in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.boozallen.com/']

BriefCam

BriefCam is a leading provider of Video Content Analytics (VCA) solutions, using artificial intelligence and machine learning to extract detailed insights from video surveillance footage. Their technology enables customers to rapidly review, search, and analyze hours of video in minutes, identifying objects, events, and patterns with high precision. BriefCam’s capabilities include real-time alerting, multi-camera search, and video summarization. BriefCam’s technology is primarily used by law enforcement and government agencies, as well as for "smart city" initiatives. In 2018, Canon completed its acquisition of BriefCam. The company’s partners include other surveillance entities such as Cognyte, Axis Communications, Pelco and IndigoVision.

Internal MISP references

UUID 814978b4-37bb-4d66-9189-e37f0f562d93 which can be used as unique global reference for BriefCam in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.briefcam.com/']

Butterfly Effect

Butterfly Effect, a spin-off from the Kazakh tech group Kazdream, specializes in telephone interception and open-source intelligence (OSINT) tools. The firm is actively expanding its international presence, establishing a representation bureau in Dubai to target public sector contracts in the Middle East. To facilitate this, its chief commercial officer, Rinata Ilyubayeva, has been engaging with major regional players like the UAE's surveillance powerhouse Group 42 (G42) and Edge Group's subsidiaries, Sign4l and Beacon Red, at events such as the Gulf Information Technology Exhibition (GITEX).

In 2022, it launched a new intercepted data analytics platform named Triton, designed to complement its existing telephone interception and open-source intelligence systems.

Butterfly Effect's offerings also include advanced cyber tools such as "Artemida," a law enforcement platform designed for mass location and behavioral analysis.

Internal MISP references

UUID fa72f615-d9d8-4ae5-9bea-ac8c0ac71a79 which can be used as unique global reference for Butterfly Effect in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

C3 AI

C3 AI, founded by billionaire Tom Siebel, develops law enforcement surveillance technologies distributed through Project Sherlock, a $12 million AI-powered surveillance system developed for the San Mateo County Sheriff's Office. The project was designed to unify data streams from at least 15-16 different police agencies, integrating information from license plate readers, surveillance cameras, and arrest records into a single AI-powered application. The system has been plagued by technical problems, including data security issues where the software was found to be ingesting "restricted cases" that should only have been visible to select individuals.

Despite these local law enforcement struggles, C3 AI has secured significantly larger government contracts, most notably a five-year, $500 million agreement with the U.S. Department of Defense.

It counts Amazon Web Service as a longtime partner, and also works closely with Google Cloud.

Internal MISP references

UUID 79fa76e6-bb63-48a1-a6b5-08f17298a40a which can be used as unique global reference for C3 AI in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://c3.ai/']

Callyo

Founded in 2009 by Chris Bennet, Callyo is a Florida-based provider of surveillance tools for U.S. federal and law enforcement agencies. The company's tools enable tracking of locations, interception of calls, and turning smartphones into covert recording devices - all without the user's knowledge. One of Callyo's unique features is its ability to facilitate international wiretapping without requiring authorization from local authorities. By intercepting calls and routing them through virtual numbers to its servers, the software ensures that investigators can listen to and record conversations undetected. In Massachusetts, the Boston Police Department and State Police have faced scrutiny for using Callyo's app without obtaining proper warrants. An internal audit revealed that Massachusetts State Police had used the app in at least 250 cases without proper disclosure.

The company was acquired by Motorola Solutions in 2020.

Internal MISP references

UUID 0485498b-433f-4238-857e-2a38b6186316 which can be used as unique global reference for Callyo in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

CalypsoAI

CalypsoAI, founded by Neil Serebryany, Davey Gibian, and Victor Ardulov, is a developer of AI surveillance and security technology, including the VESPR platform, designed for national security applications. Backed by investors like Hakluyt Capital, CalypsoAI has established itself as an intelligence partner for U.S. government agencies, including the Department of Defense, the Department of Homeland Security, and the U.S. Air Force. In late 2023, the company joined Palantir's FedStart program, which supports the deployment of advanced AI technologies for U.S. government operations.

Internal MISP references

UUID 92838084-ae29-470c-a867-dc3005f44b7e which can be used as unique global reference for CalypsoAI in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://calypsoai.com/']

Camerite Sistemas

Camerite Sistemas S.A., headquartered in Joinville, Brazil, is a pioneering cloud-based video surveillance company founded in 2012 by Cristian Aquino. Camerite's suite of products include a platform and mobile apps (iOS/Android) featuring AI-enabled video analytics, such as facial recognition, license plate reading (LPR/OCR), object detection, heat maps, and advanced search filters.

Camerite has executed significant city-level surveillance projects. In Naviraí, Mato Grosso do Sul, the company installed 100 cameras, including plate readers and 24/7 monitoring terminals, integrated with a cloud-based platform accessible to law enforcement agencies for realtime viewing.

Internal MISP references

UUID 7d59ed50-9618-43eb-acf6-95f4202e5c0d which can be used as unique global reference for Camerite Sistemas in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://camerite.com/']

Camero

Camero is a provider of Sense-Through-The-Wall (STTW) solutions, specializing in the Xaver series of tactical through-wall radar systems designed for military and law enforcement use. These radar-based systems enable continuous monitoring of individuals within a room while operators remain outside. The company was acquired by South Korea based SK Group, a leader in military technology in 2011.

Internal MISP references

UUID 02369b3a-87bc-4b07-9d66-8ccda9b294b8 which can be used as unique global reference for Camero in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://camero-tech.com/']

Candiru

Israeli firm Candiru was founded in 2015 by Eran Shorer and Yaakov Weizman. According to Haaretz, the largest shareholder in Isaac Zack, who has been its chairman since the beginning and was also a founding funder of NSO. In 2021, malware manufactured by Candiru was found on the phones of politicians, journalists, and scholars in Iran, Yemen, Israel, the United Kingdom, and Turkey. Candiru has changed names multiple times, to Grindavik, then DF Associates, then Taveta, then Saito Tech, but it is still commonly known as Candiru. Founded in 2014, is thought to be Israel’s second-largest spyware maker after NSO. With funding from NSO investors as well as the government of Qatar, its systems have been found to have been operated by multiple countries, including Saudi Arabia, Israel, UAE, Hungary, Indonesia, and Uzbekistan. In November 2021, the US Commerce Department added Candiru and NSO to its trade blacklist.

Researchers from Recorded Future's Insikt Group have identified active infrastructure associated with Candiru's spyware, known as DevilsTongue, in Hungary and Saudi Arabia. This spyware targets Windows systems and is believed to be deployed through spear-phishing emails, malicious links, and compromised websites.

In 2025, Integrity Partners, a U.S. investment firm, acquired Candiru’s assets for up to $30 million, moving its operations and staff to the new entity Integrity Labs Ltd., which is not subject to U.S. sanctions. The deal aims to bypass U.S. restrictions after Candiru was blacklisted in 2021 over national security concerns.

Internal MISP references

UUID d8571c23-19f3-4f56-adf0-2676bff58108 which can be used as unique global reference for Candiru in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

Carbyne

Carbyne is a company headquartered in New York, with offices in Israel and Mexico. Founded by Amir Elichai, a former security guard for the Israeli consul general, Carbyne has its roots in Israeli intelligence, with ties to Unit 8200, a division known for its expertise in surveillance operations. Unit 8200 has been criticized for its surveillance activities, which include monitoring Palestinian civilians for coercive purposes and conducting surveillance on Palestinian-Americans through an intelligence-sharing arrangement with the NSA.

Carbyne’s platform, marketed as an enhancement for emergency response, allows for extensive data collection from mobile devices and IoT sensors without explicit user consent. When a 911 call is made, Carbyne can automatically access the caller's precise location and video feed from their smartphone, effectively turning personal devices into surveillance tools. This capability is expanded through partnerships with major tech companies like Cisco, enabling the collection of data from smart city infrastructure, such as road cameras and streetlamps, often without the public's awareness.

The company's advisory board includes notable figures such as former U.S. Secretary of Homeland Security Michael Chertoff and former Israeli Prime Minister Ehud Barak, furthering its deep ties to both the U.S. and Israeli security establishments.

Internal MISP references

UUID 72f0586a-3a1b-418e-997f-0b1c636c2500 which can be used as unique global reference for Carbyne in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://carbyne.com/']

CellXion

CellXion is a UK company that specializes in communications interception technologies. It has sold £1 Million worth of cellphone-spying devices to UK police. The company is one of the leading providers for IMSI catchers (covert communications data capture equipment that can track a phone's location and intercept phone calls and messages.)

According to Balkan Insight, CellXion received licenses to supply Serbia with wireless communication interception tools.

Internal MISP references

UUID 1a89a45d-28c0-4d8c-a96e-7eb6f4b66056 which can be used as unique global reference for CellXion in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.cellxion.net/']

Cemtrex

Cemtrex Inc. is a technology company that provides surveillance solutions through its subsidiary, Vicon Security. Its tech is used for monitoring prisons, jails, and the U.S.–Mexico border. Its Roughneck AI Camera Series and Valerus Video Management Software include features such as AI-based analytics.

Internal MISP references

UUID bd9c9f04-7a59-4e59-a86e-a02c751232c9 which can be used as unique global reference for Cemtrex in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://cemtrex.com/']

ChapsVision

ChapsVision is a technology company specializing in data processing, with a strong focus on surveillance solutions. It integrates advanced video analysis and artificial intelligence to deliver what it calls "intelligent video surveillance systems." These systems are designed for various applications, including automated tracking of individuals or objects using pan-tilt-zoom (PTZ) cameras.

Through its ACIC division, ChapsVision customizes solutions for surveillance, public monitoring, and people counting, utilizing a network of cameras and image analysis to automate such monitoring tasks. Through AI-augmented tools, the company also offers an integrated suite of solutions designed to access, gather, monitor, and analyze information from diverse global sources.

Internal MISP references

UUID c0ab3988-4c8d-4c74-8cf7-f5e56fb255c0 which can be used as unique global reference for ChapsVision in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.chapsvision.com/']

Circinus

Circinus is a defense and intelligence contractor that provided social media monitoring and intelligence for the UAE. Acquired by U.S Republican fundraiser Elliott Broidy from former US Army intelligence officer Alan Stone in 2014, Circinus operated a $200 million contract with the UAE's armed forces. It also maintains contracts with the US Army Intelligence and Security Command (INSCOM) and US Special Operations Command (USSOCOM).

Circinus has marketed surveillance and data-mining tools to various government agencies, including in Cyprus, Tunisia, Romania, and the UAE, with pitch documents touting capabilities like identity resolution and social media geolocation.

Former Circinus executives, including ex-CIA officers, have capitalized on the company's connections to establish new surveillance and intelligence ventures. Keith Noble, a former Circinus director, now runs BlackCloud International, which markets OSINT tools to governments, including contracts in the UAE and Eastern Europe. Similarly, Nick Williams, another former executive, has launched WMi General Trading in Abu Dhabi.

Internal MISP references

UUID b29112a1-954f-4fc1-bdbb-991335553035 which can be used as unique global reference for Circinus in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://circinusworldwide.com/']

Circles

An NSO linked company providing technology that exploits SS7 vulnerabilities to track phones. According to leaked documents, Circles customers can purchase a system that they connect to their local telecommunications companies’ infrastructure, or can use a separate system called the “Circles Cloud,” which interconnects with telecommunications companies around the world. Circles Technologies was founded by Tal Dilian, a former commander of the IDF's Intelligence Corps Technological Units.

Internal MISP references

UUID 5ed92c14-3471-48b0-a1a2-1cbd1d9ee6f3 which can be used as unique global reference for Circles in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

Citadel

Citadel is involved in Russia's telecom surveillance industry, creating and supplying monitoring and data interception tools. The company has strong connections to the Federal Security Service (FSB) of Russia. It also operates through various subsidiaries that provide different aspects of telecommunications and surveillance technology.

It is recognized as one of the largest providers of SORM (System for Operative Investigative Activities) technologies.

Internal MISP references

UUID 03350f6e-3876-4c60-b70a-80bf62b112cf which can be used as unique global reference for Citadel in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

City Shield

City Shield, a private security group based in Detroit, has been employed by the University of Michigan to conduct surveillance on pro-Palestinian student groups. The university has paid City Shield's parent company, Ameri-Shield, over $800,000 between June 2023 and September 2024 for these services. The surveillance activities included following, recording, and eavesdropping on students, with some reports of investigators threatening and attempting to harm students physically. The evidence gathered by City Shield has been used by Michigan prosecutors to charge students.

Internal MISP references

UUID 76b1f9c3-e22e-41c9-8d67-e57d682a854d which can be used as unique global reference for City Shield in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://cityshieldsecurity.com/']

Clearview AI

Using a growing database of over 30 billion images scraped from social media and other online platforms, Clearview AI provides law enforcement and private entities with the ability to identify individuals through facial recognition software. This technology was also used by U.S federal agencies, including ICE and the FBI, to surveil immigrants, activists, and protesters, often targeting leftist groups and individuals critical of political figures. According to 404 Media, Clearview reportedly attempted to purchase Social Security numbers and mugshots from all 50 states in the U.S to expand its database. In 2025, ICE awarded the disputed facial recognition firm its largest government contract yet amid its ongoing crackdown targeting immigrants.

Internal MISP references

UUID 7f819fb4-c464-4e92-a3a4-992b236ad8f4 which can be used as unique global reference for Clearview AI in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.clearview.ai/']

CloudWalk Technology

CloudWalk Technology is an AI company that has developed facial recognition software designed to track and surveil members of ethnic minority groups, including Tibetans and Uyghurs, and alert authorities if too many individuals gather in specific locations. Cloudwalk’s surveillance technology is also used outside of China. In 2018, Cloudwalk and the Zimbabwean government agreed to the installment of a mass surveillance network in Zimbabwe. The agreement included a requirement that the Zimbabwean government send images it acquires from the surveillance network back to Cloudwalk’s offices in China, so that Cloudwalk could improve the ability of its facial recognition software to recognize individuals based on skin pigmentation.

Internal MISP references

UUID 125929da-2c7e-41c0-8de6-ea5bd258027d which can be used as unique global reference for CloudWalk Technology in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.cloudwalk.com/', 'https://www.cloudwalk.cn/']

Cobham

Cobham is a provider of border monitoring and intelligence gathering technologies. The company develops advanced tools for audio, video, and IP transmission, as well as tagging, tracking, and locating systems, which are used for real-time surveillance and data collection.

Its Special Mission division provides airborne border surveillance, including contracts with the Australian government for maritime and border monitoring. Cobham also develops covert and overt surveillance systems, such as COFDM IP Mesh solutions and non-line-of-sight video surveillance. Cobham’s systems are integrated into vehicles, allowing for covert and overt surveillance by law enforcement agencies and military operations.

Internal MISP references

UUID 6da66d7a-decb-4eef-abe4-7f006bc1cae6 which can be used as unique global reference for Cobham in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.cobham.com/']

Cobwebs Technologies

Cobwebs Technologies is an Israeli company whose surveillance software collects data from phones and social media activity, converting it into intelligence. The Los Angeles Police Department is amongst its users. Cobwebs has secured contracts with several U.S federal agencies, including U.S. Immigration and Customs Enforcement (ICE) through its Delaware-based branch, Cobwebs America Inc. In 2023, Cobwebs was acquired by PenLink through the support of private equity firm Spire Capital, a year after PenLink had also acquired another surveillance company, GeoTime.

Internal MISP references

UUID 63317763-7c22-48b0-96e1-43db2919c024 which can be used as unique global reference for Cobwebs Technologies in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

Cognitec Systems

Cognitec Systems is a face recognition technology company. One of its products, FaceVACS, delivers extensive surveillance functionality that goes beyond basic face matching. The system can guess ethnicity based on a person's skin color, flag suspects on watch lists, estimate the age of a person, detect gender, and "track" faces in real time. According to the company, it also helps identify suspects if they have tried to evade detection by putting on glasses, growing a beard, or changing their hairstyle. It is used at border checkpoints in several countries, including Germany.

The New South Wales Police Force in Australia stopped using the company's PhotoTrac Suspect Identification System after concerns about the program's ineffectiveness and a tendency for "producing false identification matches when it comes to racial minorities in particular."

The company was acquired by SALTO Group in March, 2022.

Internal MISP references

UUID 65e24909-2ac6-4ec0-b832-71d08edf4ac8 which can be used as unique global reference for Cognitec Systems in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.cognitec.com/']

Cognyte

Cognyte Software Ltd is an Israeli company that develops analytics software and is known to be a notorious surveillance vendor. Cognyte, currently located in Herzliya, Israel, shares an address with Verint and now provides cyberintelligence services similar to those previously offered by Verint. An investigation by Haaretz uncovered that Cognyte's mass surveillance technology has been sold to Myanmar in recent years. Its software was also unlawfully utilized by Brazil’s intelligence agency to monitor and intimidate prominent politicians, journalists, judges, and environmental officials in the country during Jair Bolsonaro’s far-right administration. In 2022, Cognyte sold a portion of their intelligence analytics software to the Volaris Group, a Canadian private equity firm, for US $47.5 million.

The company also brought on Nadav Argaman, the former director of Israel’s internal security service Shin Bet, as a strategic senior advisor to continue developing closer ties to Israel’s intelligence establishment.

Internal MISP references

UUID b3df3c22-1921-48f4-afc3-04941d434b19 which can be used as unique global reference for Cognyte in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.cognyte.com/']

Compelson Lab

Compelson Lab offers software, such as MOBILedit Forensic, that allows security forces to extract sensitive data from confiscated mobile phones and smartwatches. It can also access data from cloud services like Dropbox, Google Drive, and Microsoft OneDrive, as well as social media apps like Facebook, WhatsApp, and LinkedIn.

Law enforcement agencies in various regions, including Delhi and Hyderabad Police in India, use MOBILedit.

Internal MISP references

UUID 148c36ef-ce51-42eb-8f2c-b73984626758 which can be used as unique global reference for Compelson Lab in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.mobiledit.com/']

Complementics

Complementics is a data broker that captures mobile location data, extracting detailed insights from apps installed on users’ smartphones. According to a report by VICE, Complementics collected location data from mobile applications and funneled it to firms like Venntel, which in turn sold this data to U.S. government agencies including ICE, DHS, and the FBI. This allowed federal agencies to circumvent warrant requirements and track people’s movements via commercial data streams.

Internal MISP references

UUID b8abfc96-c206-409d-9ceb-ce9e6adae09a which can be used as unique global reference for Complementics in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.complementics.com/']

ComsTrac

ComsTrac Limited is a developer of surveillance and interception technologies, including IMSI catchers for GSM/UMTS/LTE networks, passive and hybrid GSM interceptors, and related tools that enable cellular monitoring and tracking. Their official website also markets the Mosaic OSINT suite for "monitoring and manipulating social media" and other online platforms, RF direction-finding systems, and surveillance systems integrated with drones. More specifically, their website boasts of the ability to develop "Trojans and Hacks to invisibly attack targeted iOS, Android and Blackberry handsets plus all Windows format and Mac OS computers. All social media apps such as WhatsApp, Viber, Line and Telegram can be intercepted and read along with all internet browsers, emails and cellular voice and messaging transmissions."

ComsTrac is listed among the UK companies authorized to export telecommunications interception technology, including IMSI catchers, to various countries, including those with abysmal human rights records. The company has a subsidiary named Comstrac FZE operated out of Ajman, the United Arab Emirates.

Internal MISP references

UUID 53eb7054-cad3-4ff5-96bd-1da01c11f7b6 which can be used as unique global reference for ComsTrac in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://comstrac.com/']

Comvision

Comvision India Private Limited is a provider of advanced Automatic License Plate Recognition (ALPR) systems powered by proprietary Artificial Intelligence (AI) and deep learning algorithms. The system provides realtime database comparison functionality for instant alerts when specific license plates are detected, along with reporting tools for comprehensive vehicle movement analysis.

Internal MISP references

UUID b3a86817-7146-471d-99ed-14380bffd83d which can be used as unique global reference for Comvision in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.comvision.io/index.php', 'https://comvision.io/', 'http://comvision.co.in/']

Converus

Converus, a private company specializing in lie detection technologies, has developed a product called EyeDetect, which uses eye-tracking technology to assess truthfulness. This tool analyzes subtle changes in eye movement and pupil dilation to predict deception. Converus pitched EyeDetect to the CIA in 2022 for its potential application in border control and migration management. in 2023, Converus launched VerifEye, a smartphone app that extends this technology to mobile devices, enabling self-administered truth verification tests.

Converus's technologies have reportedly been adopted by over 600 clients in 50+ countries, including law enforcement agencies.

Internal MISP references

UUID b437e630-d342-4da7-b7a4-4172dc7e88a5 which can be used as unique global reference for Converus in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://converus.com/']

CoolApp

CoolApp is a locally developed messaging platform in Cambodia. Designed as an alternative to international apps like WhatsApp and Telegram, CoolApp aims to increase national control over digital communication and "reduce foreign interference". The app is endorsed by Cambodian leadership, including by the former Prime Minister Hun Sen, and experts claim it monitors users' activities on the platform.

Internal MISP references

UUID 15d6cd31-b987-4ece-bc8c-031a95bc7580 which can be used as unique global reference for CoolApp in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://coolapp.chat/']

Coralco Tech

Coralco Tech, an Israeli-Cypriot cyber-intelligence firm founded in 2016 by former U-TX Technologies employee Eyal Almog, is a provider of surveillance and cyber-intelligence solutions. Based in Limassol, Coralco offers a wide range of products, including open-source intelligence (OSINT) tools and interception technologies for LTE, GSM, WiFi, and other communication platforms.

The company has been linked to controversial activities, including the development of tools with similarities to malware from Wolf Intelligence, such as the WolfRAT, which targeted messaging apps like WhatsApp and Facebook Messenger. A command and control panel named Coralco Archimedes, identified in a Cisco Talos report, further suggested ties between Coralco and Wolf Intelligence, though the companies have since parted ways.

Coralco has also been involved in international deals, such as using its Singaporean branch to sell phone interception systems to the Bangladesh armed forces, with equipment shipped via Cyprus.

Internal MISP references

UUID b3ec7654-250e-4092-a11c-9264d8ad25ec which can be used as unique global reference for Coralco Tech in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

CoreCivic

CoreCivic is one of the largest private prison operators in the United States, managing correctional facilities, detention centers, and residential reentry programs under contract with federal, state, and local governments. Through partnerships with technology providers, CoreCivic integrates electronic monitoring tools such as GPS-enabled devices, smartphone apps, and data-driven compliance systems to track target individuals, including immigrants detained by ICE.

Internal MISP references

UUID e033c635-8c0a-4862-a74f-14160c58f977 which can be used as unique global reference for CoreCivic in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.corecivic.com/']

Corellium

Corellium is a cybersecurity company headquartered in Miami, Florida. It sells phone-virtualization software for catching security bugs, and has sold its tools to controversial government spyware and surveillance product developers in Israel, the UAE, Russia, and to a cybersecurity firm with potential ties to the Chinese government, according to a leaked document reviewed by WIRED that contains internal company communications. These documents show that in 2019, Correllium offered a trial of its product to notorious spyware maker NSO Group, with the UAE's DarkMatter also pursued as a potential customer.

Internal MISP references

UUID e3648f5f-2180-4314-baeb-324e2169bf17 which can be used as unique global reference for Corellium in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

Corsight AI

Corsight AI is a facial recognition technology company headquartered in Israel with operations worldwide. The company specializes in developing facial recognition and surveillance technology powered by what they call "Autonomous AI," which, according to the company, is based on 15 years of neuroscience research and over 250 patents. Their technology is designed to mimic human facial recognition capabilities.

Corsight's technology allegedly identify individuals even when less than 50% of their face is visible. It also provides real-time alerts and video analysis and claims to identify people wearing masks. More recently, it was developing technology to create facial models from DNA.

Israel implemented a mass facial recognition program in the Gaza Strip using Corsight AI's technology. The system was deployed at military checkpoints along major evacuation routes where Palestinians were fleeing southward, creating an extensive database of Palestinian civilians without their knowledge or consent. The technology faced notable accuracy challenges, particularly when processing grainy footage or partially obscured faces. One significant case highlighting these accuracy issues involved Palestinian poet Mosab Abu Toha, who was wrongfully detained at a checkpoint in mid-November while attempting to leave Gaza for Egypt with his family. After being flagged by the system as a wanted person, he was held in detention for two days, during which he endured beating and interrogation, before being released back to Gaza without explanation.

According to Gizmodo, in 2024 Corsight AI introduced a new surveillance system that monitors "sweethearting" - a practice where retail employees give unauthorized discounts to people they know - by analyzing customer-employee interactions, including physical proximity and visit patterns. The technology, which has already been implemented by unnamed clients, tracks whether customers consistently visit the same employees and triggers security alerts for suspicious patterns.

Corsight also announced a partnership with the public school system in Alagoas, a state in Northeastern Brazil, to implement its facial recognition technology in schools. However, the contract raised transparency concerns: while Alagoas had an active agreement with Teltex, a company acting as Corsight's reseller in Brazil, the contract made no mention of Corsight or the facial recognition solution. This practice violates local laws.

Internal MISP references

UUID 3adf1848-6187-4c71-806c-08be45dcfec5 which can be used as unique global reference for Corsight AI in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.corsight.ai/']

Corsound AI

Corsound AI is a technology company based in Israel that specializes in voice intelligence technologies, sound and facial recognition, audio analytics and artificial intelligence. Corsound AI's clients primarily include government agencies, law enforcement organizations, and security firms that utilize their audio analytics technology for advanced surveillance. Its primary investor is Awz Ventures, whose advisory board and strategic advisors include Dame Stella Rimington, former MI5 Director-General, James Woolsey, former CIA director, Tamir Pardo, former director of the Mossad, and Buck Revell, former FBI associate deputy director.

Internal MISP references

UUID d1a09203-8362-4f0f-9735-a57999a8eb17 which can be used as unique global reference for Corsound AI in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.corsound.ai/']

Cortica

Israeli company Cortica, and its subsidiary Corsight AI, has been using facial recognition and Google Photos to conduct mass surveillance of Palestinians without their knowledge or consent. Canadian-Israeli VC firm, AWZ ventures, is among its lead investors. Their tools are also deployed by the U.S. Department of Homeland Security for facial recognition purposes.

Internal MISP references

UUID f7832209-bde7-4f51-99e9-42c82286330e which can be used as unique global reference for Cortica in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://cortica.com/']

COSEINC

Founded by former Cyber Security Agency (CSA) official Thomas Lim, the Computer Security Initiative Consultancy (COSEINC) is a Singapore-based cybersecurity firm with extensive spyware and surveillance operations. In November 2021, it was blacklisting by the U.S. Department of Commerce, which cited the company's misuse of cyber tools to gain unauthorized access to information systems. Lim is known for organizing the SyScan security conference, which was sold to the Chinese technology firm Qihoo 360, another sanctioned entity by the U.S.

Lim also operates Pwnzen Technology, a Singaporean subsidiary of China's Shanghai Ben Zhong Information Technology (Pwnzen InfoTech). Founded in 2014 by Chinese hackers associated with the Pangu Team, Pwnzen specializes in cyber monitoring and defense on behalf of China's government. The company collaborates closely with Chinese cyber institutions like CNCERT and CNNVD, which is linked to China's Ministry of State Security. Pwnzen is involved in hacking the phone of a Chinese opposition figure to access their social media accounts.

Internal MISP references

UUID 31e04d13-3518-4969-b8f4-710cefd62f29 which can be used as unique global reference for COSEINC in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.coseinc.com/']

Covidence

Covidence is a Danish company that develops miniature video and audio surveillance equipment, and which provides tools for remote surveillance over insecure networks. Their products are tailored for use by police forces, intelligence agencies, special forces, and other government-approved organizations, specifically designed for scenarios which require covert data gathering.

In 2019, it was acquired by EMK Capital.

Internal MISP references

UUID c346f1a8-5de0-4419-a219-cf5b102dc1d9 which can be used as unique global reference for Covidence in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://covidence.com/']

Crimson Hexagon

Crimson Hexagon, a Boston-based social media analytics firm, specializes in using artificial intelligence to analyze vast amounts of public social media data, providing insights for clients ranging from corporations like Adidas to government agencies such as the U.S. State Department. Founded in 2007 by Harvard professor Gary King and Candace Fleming, the company has built a repository of over a trillion public social media posts from platforms like Facebook, Instagram, and Twitter (now X). However, it has faced scrutiny over potential misuse of data for surveillance purposes, particularly in contracts with entities like the U.S. government, the Turkish government, and a Russian nonprofit linked to the Kremlin.

Crimson Hexagon became known as Brandwatch after a merger in 2018, and was later acquired by Cision for $450 million.

Internal MISP references

UUID 45650a93-05eb-4046-973a-702093dbe089 which can be used as unique global reference for Crimson Hexagon in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

Criteo

Criteo, a French digital marketing company specializing in targeted advertising, has deepened its focus on surveillance-driven data strategies with the launch of its Criteo Innovation Hub in Washington, D.C. A key move was enlisting James Shinn, a former CIA East Asia officer, whose intelligence background signals a focus on advanced data collection and analysis techniques.

In 2022, Criteo was hit with a preliminary €60 million (~$65 million) fine by France’s privacy watchdog, CNIL, for violations of the EU’s General Data Protection Regulation (GDPR). The investigation found that Criteo lacked proper legal bases for its extensive tracking and profiling practices

Internal MISP references

UUID 6d87554a-fc70-45e2-bb06-8f752ee947ca which can be used as unique global reference for Criteo in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://criteo.com/']

Crowdfense

Crowdfense, a UAE-based company, purchases software exploits from researchers and reselling them to government agencies. The company operates as a hub for independent researchers, offering some of the industry's highest bounties for exclusive, full-chain exploits targeting platforms such as iOS, Android, Chrome, and Safari. According to Intelligence Online's sources, the UAE and Saudi governments financially backed the firm.

Internal MISP references

UUID 1e57d8cc-d0a0-4e85-add1-2f4ad49d22a4 which can be used as unique global reference for Crowdfense in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.crowdfense.com/']

CrowdOptic

CrowdOptic is a vision analytics company specializing in advanced triangulation technology that integrates with realtime video systems to improve surveillance and facial recognition. Their products enable the use of fixed cameras, body cams, smartphones, and drones to identify individuals and targets in realtime.

In partnership with NEC Australia, CrowdOptic has developed advanced surveillance technology for smart cities. In collaboration, the companies built a system which allows cameras equipped with CrowdOptic software to stream video to servers running NEC’s facial recognition software, enabling the automated monitoring and analysis of public spaces.

According to Jon Fisher, founder of CrowdOptic, police in China are using CrowdOptic's technology to read license plates and "identify incidents" more efficiently. The system can instantly track when multiple police officers focus on the same object, providing faster results compared to manually sifting through surveillance camera footage.

Internal MISP references

UUID e2c270fe-cd86-4daa-86ac-f0a517e92410 which can be used as unique global reference for CrowdOptic in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

CSRA Inc

CSRA Inc. (formerly SRA International) is a subsidiary of General Dynamics that played a significant role in the U.S. government's immigration surveillance efforts. The company secured major contracts with the Department of Homeland Security (DHS) to operate the Visa Lifecycle Vetting Initiative (VLVI) program. Under these contracts, which ran from August 2018 through August 2023, CSRA was paid $42.1 million initially, with the total contract value ultimately reaching $101 million. The company's work involved analyzing and exploiting publicly available information, including media blogs, public hearings, conferences, and academic websites, using automated systems to monitor immigrants' social media and online presence.

Internal MISP references

UUID a3e4cb2a-47a1-40f7-8011-c4f331631754 which can be used as unique global reference for CSRA Inc in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.gdit.com/']

Cuebiq

Cuebiq is a location intelligence and data analytics company that collects and analyzes mobility data. The company gathers data through its proprietary software development kit (SDK), which is integrated into mobile apps. This SDK collects first-party location data from users, enabling Cuebiq to track and analyze real-world behaviors at scale. In return, some app developers share detailed location data with Cuebiq for analysis.

A proposed class-action lawsuit named Cuebiq among data brokers that bought location data from the family tracking app Life360 without users’ knowledge or consent.

Internal MISP references

UUID 999b1ad9-e6dc-4d1b-b6b0-af0361e19c58 which can be used as unique global reference for Cuebiq in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://cuebiq.com/']

Cyberbit

Cyberbit is an Israeli cybersecurity company that was established as a subsidiary of Elbit Systems, a major Israeli defense company, and which offers a comprehensive solution for monitoring and extracting information from remote PCs. The Ethiopian government targeted Oromo dissidents with Cyberbit's commercial spyware, PC Surveillance System (PSS), renamed PC 360.

Internal MISP references

UUID d28c20bf-edd8-4883-bbc4-e6949a05076c which can be used as unique global reference for Cyberbit in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.cyberbit.com/']

Cyberglobes

Cyberglobes, an Israeli open-source intelligence (OSINT) firm, has established itself as a prominent exporter of intelligence solutions despite facing bans from platforms like Facebook due to its spying activities. Led by Pinhas (aka Pini) Kleiner, the company has been expanding its global footprint, recently showcasing its social network monitoring tools at the Digipol policing and defense fair in Hyderabad, India. Cyberglobes has a history in the Indian market, having demonstrated its solutions to Indian police forces as early as 2019. It has also been pitching its social network surveillance technologies to the United Arab Emirates.

Internal MISP references

UUID d8dd3f5f-8c73-448c-bb4b-c2532689eefe which can be used as unique global reference for Cyberglobes in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.cyberglobes.com/']

Cyberint Technologies

Cyberint is an Israel-based company specializing in cyber-intelligence. Through its Argos digital risk protection platform, Cyberint delivers real-time intelligence by analyzing vast amounts of data from various sources, including the dark and deep web, as well as social media. In August, 2024, Cyperint was acquired by Check Point Software Technologies, another Israeli company in the space.

Internal MISP references

UUID 733c0d70-feea-4949-9a12-9beca8fdf8ac which can be used as unique global reference for Cyberint Technologies in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://cyberint.com/']

CyberLab

Employees at CyberLab, along with those at other companies founded by the same Israeli nationals, operated from the same office in Skopje, North Macedonia, previously used by Cytrox and Inpedio. These individuals were also involved in the development of Predator spyware. Their work was part of the portfolio offered by Intellexa, a notorious collective specializing in the development and sale of spyware.

Internal MISP references

UUID 086e4835-3042-4f6a-9401-0ed108331c74 which can be used as unique global reference for CyberLab in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

CyberPoint

CyberPoint is listed as a partner to Hacking Team, the Italian company that sold spyware used by repressive regimes across the world. It also has a known presence in Abu Dhabi, UAE, and trains analysts with the Electronic Security Authority, the Emirati intelligence agency.

Internal MISP references

UUID 01bd847b-caa7-441c-9611-c741794f6107 which can be used as unique global reference for CyberPoint in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.cyberpointllc.com/']

CyberRoot

CyberRoot is an Indian company that develops tracking phishing links and other intrusive software tools for indiscriminate surveillance on behalf of various clients, often law firms​.

Internal MISP references

UUID 94ece80d-8399-4fbc-aaa4-bca81d64a69d which can be used as unique global reference for CyberRoot in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

Dahua Technology

Dahua Technology is one of China's biggest surveillance equipment makers. In February 2024, Dahua announced that it will establish a joint venture with Alat, a newly formed entity owned by Saudi Arabia's Public Investment Fund (PIF), to manufacture surveillance hardware in Saudi Arabia. The company's technology has been linked to the abuse of China's Uighur minority and its surveillance systems has also been deployed in the U.S, Vietnam, Mexico, UK and Brazil. Dahua confirmed it sells “skin color” analytics and defended them as “a basic feature of a smart security solution.”

A Reuters report revealed that Myanmar's military junta is installing Chinese-built facial recognition cameras in key urban centers to strengthen its surveillance capabilities, with technology provided by Dahua alongside other Chinese surveillance giants, Hikvision and Huawei Technologies Co Ltd.

Internal MISP references

UUID 55c6b45a-fbeb-4a90-bd2e-f114ef07cb8d which can be used as unique global reference for Dahua Technology in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.dahuasecurity.com/']

Damiba Group

Damiba Group is a Serbian company producing AI-powered drones and radar systems. According to a report by the Border Violence Monitoring Network, it has been involved in supplying unmanned aerial vehicles and other surveillance equipment in a project jointly managed by the EU Commission and the International Organization for Migration (IOM).

Internal MISP references

UUID a5e0d414-77bf-4c99-a5cf-df745e5061db which can be used as unique global reference for Damiba Group in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.damiba.rs/']

Danaide

Danaide S.A. is a Buenos Aires–based technology firm that supplies UltraIP, the facial-recognition platform that powers the city’s Fugitive Facial Recognition System (SNRP), which was installed in 2019.

Independent investigations point to a close technical tie with Russia’s NTechLab: UltraIP appears in the partners section of NTechLab’s Russian-language website, and multiple reports note that the system "reportedly" runs on NTechLab’s Find Face engine.

Danaide markets UltraIP as "analytics of our own design" on its corporate site, but the unresolved provenance has intensified legal challenges and human rights concerns after documented cases of wrongful arrests and the surveillance of activists.

Internal MISP references

UUID fde054d6-d5a2-4c11-89ea-eacd8141cab4 which can be used as unique global reference for Danaide in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

DarkOwl

DarkOwl is a cybersecurity company providing tools for dark web intelligence and monitoring. Their platform provides access to a vast database of dark web content, enabling clients to search for leaked credentials, sensitive data, and other details. Its DarkOwl Vision UI has access to a wide range of sources including Tor and Telegram. It also has capabilities for entity-based searches for specific variables like email addresses, IPs, and cryptocurrencies, as well as network-specific filtering to focus on particular darknet platforms, forums or messaging services. Its Dubai-based subsidiary is DarkOwl FZE LLC, which it uses to support intelligence operations by the United Arab Emirates and other governments in the region.

Internal MISP references

UUID dc931570-eef4-492e-acd3-becf7351a330 which can be used as unique global reference for DarkOwl in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.darkowl.com/']

Dassault

Arms giant Dassault Systèmes, a strategic partner of Thales, sold a mass surveillance system to Egypt in collaboration with Nexa Technologies. In 2017, Ahmed Alaa, a student in Egypt, was imprisoned for 80 days after being accused of posting a photo under a rainbow flag on social media. His arrest was facilitated by a mass surveillance system sold to the Egyptian government by French companies Nexa Technologies, Ercom-Suneris (a subsidiary of Thales), and Dassault Systèmes. This system, which includes internet surveillance software "Cerebro" and phone tapping device "Cortex vortex," allowed the regime to monitor and arrest its opponents.

Internal MISP references

UUID f87c6a29-c85f-4624-8e94-0bc591b5f8c2 which can be used as unique global reference for Dassault in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.3ds.com/']

Dat-Con

Dat-Con is a Slovenian company providing Mobile Surveillance Systems (MSS) to Frontex, the European Border and Coast Guard Agency. These systems are used for border surveillance and monitoring operations.

Internal MISP references

UUID e6e558c6-5019-42ac-8cb7-8f1b1d24bfbc which can be used as unique global reference for Dat-Con in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.dat-con.com/', 'https://www.dat-con.si/']

Data Grand

Data Grand is a Chinese technology startup that has been linked to the development and deployment of censorship and surveillance tools utilized by Chinese authorities. The company was supported by Microsoft's startup incubator program, which provided resources and mentorship to emerging tech companies.

According to reports, Data Grand has been involved in creating software that automates the censorship of online content and assists in monitoring and analyzing digital communications. These tools are reportedly used by Chinese law enforcement agencies to suppress dissent and monitor the activities of individuals, particularly in regions with significant ethnic minority populations.

Internal MISP references

UUID 010e39cb-42b9-447a-be4c-d875d9232293 which can be used as unique global reference for Data Grand in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.datagrand.com/']

DataDirect Networks

DataDirect Networks (DDN) specializes in providing high-performance data storage solutions and data management services, with real-time surveillance and analysis capabilities. Egypt constructed a massive data server in collaboration with the company and intercepted traffic from submarine internet cables connecting the country to Europe for data analysis. This operation was headquartered at the Almaza military base in Cairo.

Internal MISP references

UUID 495b9a32-f1e4-4924-9a9c-5e506cfd9c95 which can be used as unique global reference for DataDirect Networks in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.ddn.com/']

Dataflow Security

Dataflow Security is an Italian firm that sells exploits to European and Middle Eastern intelligence agencies. The company is a regular presence at industry events like ISS World and has recruited talent from NSO Group.

The firm was founded in 2019 and is headed by Italian national Luca Todesco, a prominent zero-day tracker. In 2020, one of Todesco's iPhone attack techniques, which he shared publicly with Chinese contacts, was reportedly used by China to spy on the Uyghur community, as documented by Forbes.

Internal MISP references

UUID 64d68546-9424-4d77-bfcb-5a50dbaff2e6 which can be used as unique global reference for Dataflow Security in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://dfsec.com/']

DataForense

DataForense s.r.l. is an Italian company founded in 2013 by Annunziata Cirillo, initially focused on developing forensic tools and invoicing software. In 2015, the company expanded into interception technologies with its Artemide/Spyrtacus project, a spyware system capable of stealthily extracting data from Android and iOS devices. This expansion was further strengthening by recruiting experts from the Italian interceptions specialist IPS Intelligence. According to the Cyber Statecraft Initiative, the company was in liquidation as of 2024.

Internal MISP references

UUID 33f94dcf-7efb-4766-a2ec-73ca53041704 which can be used as unique global reference for DataForense in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.dataforense.it/']

Datafusion Systems

Datafusion Systems, acquired by Canadian telecoms giant Lumine Group, is the company behind Trovicor, a provider of surveillance and spyware technologies.

Internal MISP references

UUID eb6c1d8c-2fdd-47ab-b818-48c518d0b3ac which can be used as unique global reference for Datafusion Systems in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://datafusion.ai/']

Datastream Group

Datastream Group, an American data broker, aggregates and sells large amounts of geolocated personal data, often collected through mobile apps. An investigation revealed that Datastream Group's database includes information on over 47 million individuals, such as GPS coordinates, device details, and app usage patterns.

The company collects geolocation data from 137 countries, as revealed in a dataset tied to its activities.

Internal MISP references

UUID 735c44a7-4657-4103-8e3f-9389693dc16d which can be used as unique global reference for Datastream Group in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://datastreamgroup.com/']

DataWorks Plus

DataWorks Plus is a South Carolina-based company that provides advanced surveillance technology, equipping police with the ability to identify faces from surveillance footage in real time. One of their flagship products, FaceWatch Plus, offers "continuous screening and monitoring of live video streams," as described on the company's website. This technology was adopted by law enforcement agencies in cities like Chicago and Detroit, enabling real-time identification from live video feeds. Another one of their products, FaceCompare Plus, offers standalone morphological facial comparison, allowing agencies to compare two facial images side-by-side without a full facial recognition system.

The use of DataWorks Plus' technology has raised significant concerns, particularly regarding its reliability and potential for racial bias. In Detroit, the police department's use of this facial recognition technology has been criticized for its almost exclusive application against Black people in 2020. The department's own data revealed that the technology frequently misidentifies people, with Former Detroit Police Chief James Craig admitting that the system almost never brings back a direct match and often leads to incorrect identifications.

Despite these issues, DataWorks Plus does not provide specific guidance to law enforcement on how to use the software, leaving decisions largely to the discretion of individual officers. This lack of oversight, combined with the technology's unreliability, has led to wrongful arrests and raised serious concerns among human rights advocates about the broader implications for privacy and racial justice.

Internal MISP references

UUID 3992c174-4609-46d6-b13e-c5b46bfc2223 which can be used as unique global reference for DataWorks Plus in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://dataworksplus.com/']

Datong

Datong, formerly known as Sepura, is a UK-based company that has been involved in distributing surveillance technology, including IMSI Catchers, which can intercept mobile phone data. In 2009, Datong attempted to export an IMSI Catcher, branded "Optima," to an unnamed Asian country. The UK government rejected this export, citing human rights concerns. Datong attempted to do this by serving as a distributor to Cellxion, the manufacturer of the IMSI Catcher.

Datong was acquired by Seven Technologies Group on May 10, 2013, for $11.4 million. As of July 9, 2013, Datong plc operates as a subsidiary of Seven Technologies Ltd.

Internal MISP references

UUID 16b96989-f301-4520-8f9b-b506a38d35b9 which can be used as unique global reference for Datong in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

DATYS

DATYS is a Cuban state-owned company that develops and distributes biometric surveillance technology. The company has created a suite of products designed for identification and biometric verification, utilizing multiple biological markers including facial recognition, fingerprints, palm prints, DNA analysis, and voice recognition. Argentina's Ministry of the Interior acquired their biometric systems in October 2015 through a substantial contract worth USD 1,080,000, with an additional USD 180,000 in annual technical support costs extending over five years.

Internal MISP references

UUID c6cd08c7-17a3-4aa9-b061-e8fcda07dbe2 which can be used as unique global reference for DATYS in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['http://datys.cu/spa/site/index']

DCX Systems

DCX Systems provides a range of surveillance technologies, including surveillance radars, electro-optic devices, signal analyzers and unmanned aerial drones. The company has established itself as a key Indian Offset Partner (IOP) for international defense companies, especially Israel Aerospace Industries (IAI) and its subsidiary ELTA Systems Limited. It also owns two subsidiaries in Israel.

Internal MISP references

UUID 0d22ba4b-c9e1-48c0-8ee4-0e6b8704b38b which can be used as unique global reference for DCX Systems in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://dcxindia.com/']

DEA Aviation

DEA Aviation Ltd is a UK-based provider of airborne technologies to various clients, including Frontex, the European Border and Coast Guard Agency, and the UK Ministry of Defence. Their products include aircrafts equipped with high-fidelity sensors and surveillance systems to collect real-time data. This is used by Frontex to monitor land and maritime borders, targeting migrants particularly in regions like the Mediterranean and off the Libyan coast.

Internal MISP references

UUID d0546be0-16f9-4d95-b96a-690e702a447d which can be used as unique global reference for DEA Aviation in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://dea.aero/']

Decision Group

Decision Group is a technology company based in Taiwan that provides solutions for lawful interception, network forensics, and surveillance. Their tools are designed to assist government agencies, enterprises, and intelligence organizations in monitoring and analyzing network traffic in real time. Their products include E-Detective, a real-time interception and forensics system capable of capturing, decoding, and reconstructing various types of Internet traffic, and Lawful Interception Suite (LI Suite), designed for targeted network surveillance. The suite consists of tools like iMediator (a mediation platform), iMonitor (for warrant administration and data presentation), and modules for decoding and archiving intercepted data.

Internal MISP references

UUID 8423ac8a-c8fa-4690-966c-d7e9566fb2b6 which can be used as unique global reference for Decision Group in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.decision.com.tw/']

DeepGlint

DeepGlint is a Beijing-based artificial intelligence company that develops computer vision and facial recognition technology. The company's systems can identify individuals and vehicles from distances up to 50 meters and alert authorities to specific activities. Its technology has been used by police agencies throughout China to track down individuals and for monitoring purposes. In 2021, the United States sanctioned DeepGlint for its involvement in human rights abuses, particularly related to the surveillance of Uyghur and other communities in China. It received early backing from Silicon Valley investor Sequoia Capital and became the first AI company listed on the Shanghai Stock Exchange STAR Market.

DeepGlint has a documented association with Microsoft through its participation in the Microsoft for Startups program. The program provided the company with resources such as Azure credits, mentorship, and office space.

Internal MISP references

UUID b4f223b2-833f-4c5f-8bd4-b5ee91abe897 which can be used as unique global reference for DeepGlint in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.deepglint.com/']

Defendec

Defendec is an Estonia-based border surveillance technology company. Its main product, Smartdec, provides wireless, AI-powered detection and video surveillance systems that are easily deployable. Smartdec’s network of lightweight, camouflaged cameras and motion sensors provides real-time alerts and visual confirmation of targets.

Defendec has secured significant contracts with organizations such asiddl the U.S. Department of State. Even in regions with limited GSM coverage, such as parts of the Middle East or Southeast Asia, Defendec’s CEO Jaanus Tamm highlights the system’s adaptability, using local radio networks as a bridge to maintain connectivity.

The company is supported by a network of investors and collaborators who are heavily involved in the surveillance industry, including Rajat Khare, the Indian hacking-for-hire specialist who collaborated with many governments and companies to hack emails and private messages on behalf of clients.

Internal MISP references

UUID a21ad544-9604-48e4-9457-7fab4a728f4b which can be used as unique global reference for Defendec in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.defendec.com/']

DefSecIntel

DefSecIntel is an Estonian defense firm providing surveillance cameras and drones to Lithuania for use on its borders, specifically to monitor migrants. DefSecIntel also works in partnership with Weibel Scientific, a Danish radar technology company.

Internal MISP references

UUID 67aef678-9e19-48c1-938a-063d0e880508 which can be used as unique global reference for DefSecIntel in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.defsecintel.com/']

Digital Barriers

Digital Barriers is a provider of real-time video surveillance and analytics, primarily servicing law enforcement agencies. Its technologies include live video streaming over cellular networks, body cameras, and vehicle-mounted systems. The company has collaborated with Corsight AI to develop a facial intelligence system capable of real-time recognition using security cameras, body cams, and vehicle-mounted devices. Additionally, Digital Barriers has partnered with Sonic Communications to provide live surveillance capabilities for law enforcement agencies.

The company has also worked with NATO organizations and governments within the Five Eyes Anglosphere (United States, United Kingdom, Canada, Australia, and New Zealand). Their surveillance technologies have been deployed in military operations in Afghanistan and Iraq.

Digital Barriers has secured a contract with one of the largest police forces in Asia to install its TVI surveillance technology, a real-time live video streaming tool, in police vehicles as part of a multi-year program.

Internal MISP references

UUID f1e892d7-027f-403f-8312-2b75d73c5c19 which can be used as unique global reference for Digital Barriers in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://digitalbarriers.com/']

Digital Clues

Digital Clues is a company that offers omnichannel intelligence tools, and which shares the same founder with the notorious surveillance firm AGT International, Mati Kochavi. Their technology focuses on kickstarting investigations and surveillance operations by collecting and connecting data when initial clues are scarce or non-existent, including from the "surface web, deep web and dark web." In 2021, it was acquired by Cellebrite, an Israeli digital intelligence company also featured here for its extensive surveillance activities, and whose technologies have been sold to police, military, law enforcement agencies, and secret services in over 150 countries.

Internal MISP references

UUID b09e2f2d-f533-4043-8954-db9a1d6c5075 which can be used as unique global reference for Digital Clues in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

Digital Receiver Technology

Digital Receiver Technology (DRT), a subsidiary of Boeing since its acquisition in 2008, is a developer of surveillance and wireless communication tools, including IMSI catchers - devices used for intercepting mobile communications. These tools are widely utilized by intelligence and defense agencies for monitoring and gathering data. The company's clients include the U.S Department of Defense, U.S Department of the Army, and the U.S. Marshals Service.

In 2024, DRT was acquired from Boeing by Thales Defense and Security Inc (TDSI), a subsidiary of Thales.

Internal MISP references

UUID 1528cc4a-8495-4561-9502-83661becb0c2 which can be used as unique global reference for Digital Receiver Technology in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

DigitalStakeout

DigitalStakeout provides tools for monitoring and analyzing social media, specifically catered to law enforcement agencies. An analysis of the Corvallis Police Department's use of DigitalStakeout over 13 months revealed demographic disparities in flagged social media posts, with a higher representation of Black and Hispanic people. The monitoring tool has been used by police departments and agencies to track hashtags like #BlackLivesMatter.

Internal MISP references

UUID 363f31b8-ebaa-42ee-b60e-44279df292a1 which can be used as unique global reference for DigitalStakeout in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.digitalstakeout.com/']

DigiTask

DigiTask GmbH is a German company that develops surveillance tools and spyware for law enforcement and intelligence agencies. Best known for its controversial "Bundestrojan" (Federal Trojan) spyware, DigiTask provides software capable of intercepting encrypted communications, including VoIP calls, by installing malware on target devices. Their tools include features like keylogging, screenshot capture, remote file access, and the ability to bypass encryption protocols like SSL by intercepting keys on local systems.

DigiTask's products, such as the "WifiCatcher," are designed for covert operations, enabling authorities to monitor public WiFi networks and track users across hotspots. The spyware has been described as unsophisticated and easily detectable by cybersecurity experts, as revealed by investigations from groups like the Chaos Computer Club.

The company's tools have been sold to various governments, including those in Germany, Austria, Switzerland, and the Netherlands.

Internal MISP references

UUID 0cf02f7d-8fb3-4706-85a1-8700f388ac08 which can be used as unique global reference for DigiTask in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

Discovery Telecom Technologies

Discovery Telecom Technologies (DTT), based in Moscow with offices in Switzerland and Salt Lake City, Utah, specializes in telecommunications interception technology. Wired reports that their AIBIS system (In-Between Interception System) operates by impersonating a cell phone tower to capture nearby signals covertly, enabling operators to eavesdrop and record communications. The company's clientele reportedly includes the Kremlin and the Federal Security Service (FSB), as stated on its Russian website.

Internal MISP references

UUID 4761064d-89e9-4422-9494-e4861e56c06f which can be used as unique global reference for Discovery Telecom Technologies in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

Draganfly

Draganfly Inc develops aerial surveillance drones. The company's drones come equipped with high-resolution video and thermal imaging used for monitoring and data collection. The Cochise County Sheriff's Department in Arizona uses Draganfly drones for its border surveillance activities.

Internal MISP references

UUID e2e6c35b-ca01-46de-b1da-81878f8e010e which can be used as unique global reference for Draganfly in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://draganfly.com/']

Dream Security

Dream Security is a company co-founded by Shalev Hulio, the former CEO of NSO Group, an Israeli technology firm known for developing sophisticated surveillance tools, including the Pegasus spyware. The other co-founders include Sebastian Kurz, the former chancellor of Austria, and Michael Eisenberg, an Israeli American venture capitalist who is also a general partner of Aleph, a Tel-Aviv-based venture capital firm which participated in funding for Dream.

As of early 2025, the company claimed $130 million in annual sales, primarily from government agencies.

Internal MISP references

UUID 7a1b0dd2-eeb0-4d4c-9426-30461059f206 which can be used as unique global reference for Dream Security in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://dreamgroup.com/']

Dreamlab Technologies

Dreamlab Technologies, a Swiss company, was involved in a surveillance project in Turkmenistan in partnership with Gamma International GmbH (creators of the FinFisher spyware). Documents leaked by WikiLeaks revealed that Dreamlab helped establish an "Infection Proxy Infrastructure" on Turkmenistan's networks, enabling widespread surveillance. This infrastructure allowed for the infection of devices through fake software updates, file downloads, or website injections, granting full access to personal data, emails, social media messages, and even enabling remote control of microphones and cameras. Dreamlab provided technical services, including network analysis, hardware and software installation, staff training, and system maintenance. The leaked documents suggest the two companies also collaborated for similar interception projects in Oman.

According to Intelligence Online, Dreamlab has since diversified its operations, creating new ventures like Slinf, a threat intelligence firm co-founded with German SIGINT experts, which develops tools such as RATspotting for detecting command-and-control servers and CyKnife for open-source intelligence. Dreamlab previously collaborated with German defense group Rheinmetall to create the consulting firm Cyel. In 2019, Cyel was split, with part of its operations integrated into Dreamlab and the rest taken over by Rheinmetall under the name Cyber Works.

Dreamlab maintains offices in Switzerland, Germany, Spain, Oman, Malaysia, Australia, New Zealand, Bolivia, Peru, India, Malaysia and Chile.

Internal MISP references

UUID 1bad4d62-12a8-4ee0-aca6-ac93d5175a5b which can be used as unique global reference for Dreamlab Technologies in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://dreamlab.net/']

DSIRF

The spyware developer, officially named DSIRF (Decision Supporting Information Research and Forensic), and operating under the codename KNOTWEED, created the spyware Subzero, which was used to target law firms, banks, and consultancy firms in the UK, Austria, and Panama. According to Microsoft's Threat Intelligence Center (MSTIC), DSIRF employed various exploits to compromise systems, including a zero-day privilege escalation exploit for Windows and a remote code execution attack via Adobe Reader. Former Austrian Chancellor Sebastian Kurz has close business ties to DSIRF, as well as ties to the founder of the NSO Group, Shalev Hulio, whom he co-founded Dream Security with.

Internal MISP references

UUID 0966bef5-a521-48fd-918c-1f1c23271b28 which can be used as unique global reference for DSIRF in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

DVTEL

DVTEL is a developer of video surveillance systems that cover security configurations from cameras to control rooms. Their products integrate video analytics, access control, license plate recognition, and facial recognition technologies, serving global clients in law enforcement agencies. DVTEL, through its acquisition of Israeli company ioimage Analytics, provided video surveillance technology deployed at Israeli military bases and border security installations.

In 2015, DVTEL was acquired by FLIR Systems for $92 million in cash. In May 2021, FLIR Systems was acquired by Teledyne Technologies for $8 billion, leading to the formation of Teledyne FLIR. As a result, DVTEL now operates under the Teledyne FLIR brand.

Internal MISP references

UUID c56387e4-09e5-4f8d-b445-3cbee33f43d9 which can be used as unique global reference for DVTEL in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

EAB

Education Advisory Board (EAB) is an EdTech company headquartered in Washington, D.C. As part of a network of companies owned by Vista Equity Partners, EAB's products collect and analyze detailed data on students. The data collected spans a wide range of sensitive information, including demographics and behavioral metrics, which it then provides to schools, universities, and other third parties. EAB also utilizes predictive analytics and tracking tools to monitor student behaviors and assess their likelihood of success or risk of dropping out.

Internal MISP references

UUID d627a348-fad0-42aa-a14b-ca90b8214e62 which can be used as unique global reference for EAB in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://eab.com/']

EagleMsgSpy

EagleMsgSpy is a mobile surveillance tool for Android and iOS devices developed by Wuhan Chinasoft Token InfoTech Co., Ltd. Since 2017, it has been deployed by police across multiple Chinese provinces to collect SMS, audio, and geolocation data. Despite its widespread use, the company remained under the radar until its spyware activities were publicly exposed in December 2024.

Internal MISP references

UUID 28680b19-d68d-464e-950e-2901d019a830 which can be used as unique global reference for EagleMsgSpy in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

Echelon Edge

Echelon Edge, in collaboration with Synergy Telematics, has deployed India's largest AI-driven surveillance and crowd management system for the Maha Kumbh. This system utilizes AI, big data analytics, and real-time monitoring, providing alerts and insights to police agencies in India. In an op-ed, the company's founder and CEO, Gaurav Gandhi, wrote about the evolution of criminal profiling and prediction: "AI pulls in raw data from multiple sources - CCTV footage, law enforcement records, public databases, even social media activity. It then analyses behavioural patterns, identifying anomalies based on past movements, known risk factors, and predictive modeling."

Internal MISP references

UUID 424a5fee-4e91-458c-9987-0a2bd0f21949 which can be used as unique global reference for Echelon Edge in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.echelonedge.com/']

Echo-On Technologies

Echo-On Technologies was founded in 2018 as a subsidiary of the Israeli firm Rayzone Group. Its primary product, Echo, is a surveillance tool designed to exploit vulnerabilities in telecommunications systems like SS7. It enables capabilities such as real-time location tracking, call interception, and SMS message retrieval. Echo is marketed primarily to governments and law enforcement agencies for intelligence gathering and surveillance purposes. It has reportedly been used in Mexico. The purchase was made via Neolinx, an intermediary in Mexico used to purchase surveillance equipment.

Internal MISP references

UUID e9dd541c-b067-4480-857e-ec004a667acd which can be used as unique global reference for Echo-On Technologies in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

Echodyne

Echodyne is a company that develops compact, high-performance radar systems powered by its proprietary Metamaterial Electronically Scanning Array (MESA) technology. The company’s radar is used in drone surveillance, border security, and perimeter monitoring. Its technology has been adopted by U.S. federal agencies, including Customs and Border Protection (CBP), for surveillance operations along the U.S.-Mexico border.

Internal MISP references

UUID 2c3e942b-4581-423e-830d-35e4d590cfd7 which can be used as unique global reference for Echodyne in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.echodyne.com/']

EDGE

EDGE, officially known as "EDGE Group," is a prominent defense conglomerate headquartered in Abu Dhabi, UAE. It was established in November 2019 as part of the UAE government's efforts to consolidate and modernize the country's defense industry. In 2022, it absorbed Digital14, a cybersecurity firm based in the Abu Dhabi and which had resumed the operations of DarkMatter, which operated under the codename Project Raven. Project Raven employed former NSA operatives and other foreign contractors to conduct hacking and surveillance activities, often targeting individuals and entities deemed as threats to the UAE government, such as journalists and human rights activists. In 2024, Edge partnered with the São Paulo State Government on a surveillance project called "Crystal Ball."

Internal MISP references

UUID e6bf0f2f-eba5-4f07-ade6-410f69bf2c43 which can be used as unique global reference for EDGE in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://edgegroupuae.com/']

EDGE NPD

EDGE NPD, a Polish software company, developed ABTShield, a tool designed to monitor online narratives and identify disinformation and foreign influence campaigns. ABTShield claims to offer a range of surveillance capabilities, including the ability to compile social media posts by keywords or topics, track specific social media accounts and analyze social reactions to news and articles. The tool reportedly collects data from platforms like Facebook, Twitter, Parler, and Telegram, as well as news sources, forums, and blogs.

During a pilot with the Los Angeles Police Department (LAPD) in late 2020, the tool gathered millions of tweets related to topics such as Black Lives Matter and "defund the police" movements. The tool also vacuumed up data on the conflict between Armenia and Azerbaijan, citing Los Angeles' large Armenian population, and included usernames and geolocation data of the tweets it gathered.

Known clients of ABTShield include the LAPD and the U.S. Embassy in Warsaw, which purchased licenses for the tool in 2020 and 2021.

Internal MISP references

UUID 1b566a25-77eb-41cc-95e7-ecc137b3959e which can be used as unique global reference for EDGE NPD in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://edgenpd.com/']

Ekin

Ekin Technology, a Turkish firm, is a developer of AI-driven smart city surveillance systems, including facial recognition and license plate recognition (LPR). Their products, such as the Ekin Patrol G2 and Ekin Spotter, integrate multiple surveillance functions into mobile and fixed platforms. These systems are designed for real-time data analysis and centralized control via their Red Eagle operating system.

Internal MISP references

UUID 6c4b5032-4b9b-4757-aefb-e5cf5ed5a158 which can be used as unique global reference for Ekin in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.ekin.com/']

Elbit Industries

Elbit Systems is a leading military tech exporter in Israel, specializing in various advanced surveillance technologies, deployed in space, air, sea and ground operations. Its surveillance systems, drones, and other high-tech tools, which are used in violent military operations and in high demand worldwide.

Internal MISP references

UUID 414f77be-f213-44b6-9f71-3deab22f7e0b which can be used as unique global reference for Elbit Industries in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.elbitsystems.com/', 'https://www.elbitamerica.com/']

ELISE

ELISE is a product of the WCC Group, a company that develops advanced search and matching technologies for identity management. Used primarily for law enforcement and border control, ELISE accesses and analyzes data from disparate databases and supports fingerprint, iris, face, and voice recognition. It also designed to store and analyze biographic data including name, age, and physical attributes. It has been used for "refugee management" and visa application systems.

Internal MISP references

UUID 15d4833f-78fb-41be-b4e6-0f09ff8c85b3 which can be used as unique global reference for ELISE in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.wcc-group.com/id-security/products/elise-id-platform/']

Elm

Elm is a Saudi government-owned technology company operating under the Public Investment Fund (PIF). The entity develops and manages platforms that facilitate state surveillance. These include systems for biometric identification, digital identity, predictive analytics, and population tracking through integrated government databases. Elm has built platforms for border control and law enforcement analytics, and has contracts with the country's Ministry of Interior.

Internal MISP references

UUID 6e544366-440d-4c2c-8b61-4e8732a8d9fc which can be used as unique global reference for Elm in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.elm.sa/', 'https://www.elm.sa/en/Pages/default.aspx', 'https://www.elm.sa/ar/pages/default.aspx']

Elsight

Founded in 2009 by Nir Gabay and Roee Kash, Elsight is a company specializing in advanced communication technologies, particularly known for its innovative surveillance drones. These drones are designed to provide real-time data transmission for various applications, including "defense." Since October 7th, 2023, there has been a notable increase in demand for Elsight's systems from different defense entities. However, the company's management is unwilling to be transparent about this uptick in sales. They indicate that the heightened interest has a growing emphasis on military and defense applications, a trend expected to persist moving forward. "Military organizations worldwide have recognized the value of integrating cellular infrastructure for diverse operational uses," the company stated in an interview with Haaretz. Elsight has integrated its Halo connectivity platform with Lockheed Martin’s Indago 4 quadcopter uncrewed aerial vehicle (UAV).

Internal MISP references

UUID 898c74aa-3846-4ac1-82a0-3163576b16b0 which can be used as unique global reference for Elsight in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.elsight.com/']

Endace

Endace, a New Zealand-based company, is a developer of high-speed network monitoring and packet capture technology. Its tools, such as the EndaceProbe Analytics Platform, are designed for network performance monitoring. These tools provide deep visibility into network traffic. Leaked documents have revealed that Endace's technology has been used to support mass surveillance efforts by governments worldwide. The company's tools have reportedly enabled the interception of private emails, online chats, social media activity, and other internet communications. Endace has sold its technology to various countries, including the United States, the United Kingdom, Canada, and Israel, among others.

Endace was acquired by Emulex Corporation, a U.S.-based company that provides similar network connectivity and monitoring services, in February 2013.

Internal MISP references

UUID bdad44a3-2e36-4728-a835-8f3f2d9f905e which can be used as unique global reference for Endace in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.endace.com/']

Endeca

Endeca, a data analytics company, developed software capable of real-time social media monitoring and analysis, which was used by law enforcement agencies, such as the Chicago Police Department, to track and analyze protester activities during events like the 2012 NATO protests. The software allowed authorities to merge social media data with other datasets, such as crime records and 911 calls, enabling targeted surveillance and sentiment analysis. Oracle acquired Endeca in 2011, integrating its data analytics and monitoring capabilities into Oracle's broader goals towards AI-powered surveillance services.

Internal MISP references

UUID ff82eaa0-d00e-4554-9c68-f7303d4aafcf which can be used as unique global reference for Endeca in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.oracle.com/middleware/technologies/endeca-server.html']

Endoacustica

Endoacustica Europe, headquartered in Bari, Italy, is a provider of surveillance technologies. Their product lineup includes high-performance International Mobile Subscriber Identity (IMSI) catchers, which enable the detection and tracking of mobile devices by emulating legitimate cell towers, compelling nearby mobile phones to connect and capturing their IMSI numbers. This is used by law enforcement and intelligence agencies in monitoring and intercepting mobile communications.

According to its official website, Endoacustica's products are generally utilized by government agencies, law enforcement bodies, and security organizations requiring mobile surveillance and communication interception capabilities. These products include spy micro cameras, mini WiFi 4G IP Umts cameras, video surveillance drones, cellular spy, spy earphones, as well as various gadgets for related activities.

Internal MISP references

UUID 5153ca66-fb4e-4e67-aa9c-9e6816465b62 which can be used as unique global reference for Endoacustica in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.endoacustica.com/']

Epsilon

Epsilon is a Barcelona-based cybersecurity company specializing in developing exploits and targeting the American market. Founded by a group of elite researchers formerly linked to the Australian firm Azimuth, which was acquired by U.S. defense contractor L3Harris, Epsilon is led by a French researcher Jeremy Fetiveau (who used to work for L3Harris Trenchant) and also involves two Israeli partners, the founders of Bindecy, a lesser-known Israeli spyware firm.

Epsilon focuses on creating spyware tools tailored to the needs of intelligence agencies and law enforcement, specifically for clients demanding exclusive, custom-built solutions rather than off-the-shelf spyware.

Internal MISP references

UUID 8d86660c-a71b-45dc-a9a6-15bb2cb6fc59 which can be used as unique global reference for Epsilon in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

Equitus

Equitus provides a product called the Equitus Video Sentinel (EVS), which transforms raw video streams into actionable intelligence using AI-driven analytics. EVS offers real-time object detection, classification, and alert management. Equitus' technology is built on a Knowledge Graph Neural Network (KGNN), which unifies and analyzes large and complex datasets.

EVS is is explicitly marketed for border surveillance, capable of detecting and analyzing human and vehicle movements, including identifying individuals carrying items such as backpacks. The U.S. Customs and Border Protection (CBP) has been upgrading surveillance towers in Arizona by incorporating advanced machine learning technology to automate the detection of border crossings. Equitus' Video Sentinel is part of this effort, working alongside IBM's Maximo Visual Inspection software. The project processes up to 100 simultaneous video streams, with data being hosted on Google's cloud platform, MAGE (ModulAr Google Cloud Platform Environment), which serves as the central repository for video analysis.

Internal MISP references

UUID 6b12a9c1-4ec5-4dd8-89e3-78db39644763 which can be used as unique global reference for Equitus in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.equitus.ai/']

Equus Technologies

Equus Technologies is an Israeli company behind an advanced spyware, known as "Lipizzan," designed to steal users' data. The company offers custom solutions for law enforcement, intelligence agencies, and national security organizations. According to Google researchers, Lipizzan is a multi-stage spyware capable of monitoring and extracting a user’s emails, SMS messages, location data, voice calls, and media files. Google identified 20 Lipizzan apps, which were distributed in a highly targeted manner to fewer than 100 devices. In response, Google has blocked both the developers and the apps from the Android ecosystem. Besides malware, the source reported that Equus Technologies also offers app and cloud interception technology packaged as portable devices. These devices, which can be carried in backpacks, are designed to connect to nearby cellphones and steal passwords along with other sensitive personal data. At least one employee of Equus Technologies is a former staff member of NSO Group, the notorious Israeli malware vendor.

After their exposure in numerous reports in 2017, the company rebranded its name to Merlinx.

Internal MISP references

UUID 62082c88-58a2-4c12-b511-7719b3f010a3 which can be used as unique global reference for Equus Technologies in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

Ercom

The administration of Egyptian president Abdel Fattah el-Sisi bought surveillance technologies from the French cybersecurity company Ercom in 2014.

Internal MISP references

UUID b11f855c-abf6-4a2b-8c55-577ccf523f1b which can be used as unique global reference for Ercom in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://cds.thalesgroup.com/en/ercom']

Espy

Espy is an Israeli-founded company registered in Singapore that provides systems capable of geographical zone surveillance, mass countrywide profiling, and discreet online influence campaigns. Its tools can analyze personal data from targeted networks to create profiles of individuals and simulate interactions online using AI.

Internal MISP references

UUID f4f92c13-cf1b-4cc4-9624-993a94f88d03 which can be used as unique global reference for Espy in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://espysys.com/', 'https://espy.is/']

eSurv

eSurv was an Italian company that sold spyware to law enforcement. Initially a developer of video surveillance software for homes and offices, the company later transitioned to creating spyware for mobile phones. eSurv's spyware, named "Exodus," was distributed through phishing sites that mimicked mobile carriers in Italy and Turkmenistan. The iOS version exploited Apple's Developer Enterprise Program to bypass the App Store's review process. The spyware had capabilities to access contacts, photos, GPS location, audio recordings, and more.

Connexa, a telecommunications company in Italy, partnered with eSurv to provide the infrastructure for Exodus. Connexa's servers were used to host the spyware's command-and-control infrastructure, enabling the collection of sensitive data from infected devices.

eSurv declared bankruptcy in 2021.

Internal MISP references

UUID b2657fbc-54c9-4c96-b1fd-1b54a84a3dd4 which can be used as unique global reference for eSurv in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

ETI

ETI is a company that produces high-tech surveillance equipment. It developed a system called Evident, which enabled governments to conduct mass surveillance of their citizens' communications. In 2011, BAE bought ETI and the company became part of BAE Systems Applied Intelligence. Freedom of information requests submitted by the BBC and the Dagbladet Information newspaper in Denmark revealed exports to Saudi Arabia, the UAE, Qatar, Oman, Morocco and Algeria, amongst others countries.

Internal MISP references

UUID 79e3adbf-3b5a-47f6-83e9-b7c9feaa62c0 which can be used as unique global reference for ETI in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

European SAO

European SAO is a Malta-based company contracted by Frontex, the European Border and Coast Guard Agency, for aerial surveillance. It is a sister company of DEA Aviation (UK), which has worked extensively with Frontex by providing airborne surveillance equipments. This relationship enables European SAO to bypass Brexit-related restrictions that prevent UK-based companies from participating in certain EU contracts.

Internal MISP references

UUID 40c28758-5f1f-4122-8662-f07fae99b663 which can be used as unique global reference for European SAO in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://esao.aero/']

Everfox

Everfox, formerly the public sector division of Forcepoint, provides tools for monitoring employee activity and analyzing behavior. Its Insider Risk Solutions platform collects data from various channels, including web activity, file operations, emails, and keystrokes, to provide organizations with a comprehensive view of employee behavior. This data is used to calculate "risk scores" for employees, flagging behaviors such as data exfiltration, financial distress, or signs of dissatisfaction or whistleblowing.

Everfox's technology utilizes AI-driven behavioral analytics to detect what they call "anomalous" activities, such as accessing restricted files or exhibiting "negative sentiment" in communications. Its clients include the U.S. Department of Defense.

Internal MISP references

UUID 3f36105b-6664-434b-acb0-fa651a9b1fa7 which can be used as unique global reference for Everfox in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.everfox.com/']

Evron Systems Ltd

Evron Systems Ltd is an Israeli company that provides advanced communication systems, security systems, control, and multimedia solutions. It has been involved in developing surveillance technologies, including facial recognition software called Aureus 3D-AI, which can analyze still and video footage using 3D technology and sophisticated algorithms. This software can perform extensive facial comparisons at high speeds. Evron is the Israeli representative and distributor for On Net surveillance System Inc. (OnSSI). Among its clients are the Israeli military. The company is privately owned by Meron Abraham and Sidis Aharon.

Internal MISP references

UUID bfec2507-c67d-417a-9e4a-c716df223057 which can be used as unique global reference for Evron Systems Ltd in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://evronsystems.co.il/']

EXFO

EXFO is a company that sells surveillance technology, including IMSI catcher software and related hardware, to government agencies. Their product, NetHawk, is capable of monitoring traditional mobile networks as well as LTE, can track phones’ locations and intercept texts and calls, and is small enough to fit inside a backpack or shoulder bag. EXFO has exported its products to countries such as Bosnia, Oman, Indonesia, Mexico, Serbia, Morocco, Colombia, the United Arab Emirates (UAE), Kuwait, and Macedonia.

The company is headquartered in Quebec, Canada and has other corporate offices in Montreal and Oulu, Finland. It also has offices in the U.S, Mexico, United Kingdom, France, Germany, Singapore, China and India.

EXFO is a public company which received funding from the government of Canada.

Internal MISP references

UUID 37a0d18d-7432-40ce-89b1-9f1a7ce7004a which can be used as unique global reference for EXFO in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.exfo.com/', 'https://www.exfo.com/en/']

Exterro

Exterro’s FTK (Forensic Toolkit) is a digital forensics software suite used by law enforcement, corporations, and government agencies to collect, process, and analyze electronic data. It supports deep forensic analysis of computers, mobile devices, email archives, and cloud data. It can quickly search and filter large volumes of data.

In December 2020, Exterro acquired AccessData, another digital forensics company that develops FTK products.

Internal MISP references

UUID 1160638d-dfc1-4bb4-944a-816aa6ef527a which can be used as unique global reference for Exterro in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.exterro.com/']

Eyecool Technology

Eyecool Technology, formerly known as Techshino, is a Chinese biometrics company that develops facial and iris recognition systems and has deep ties to China's public security and military sectors. The company, a supplier to the Ministry of Public Security and the People's Liberation Army (PLA), has expanded its technology's applications to smart city projects, including the Xiong'an initiative championed by President Xi Jinping. Eyecool also collaborates closely with China's Ministry of State Security.

The company reportedly adds 2 million facial images daily to Skynet, China’s mass video surveillance network.

Eyecool Technology maintains a global presence with subsidiaries in the Netherlands, United States, and India, while also exploring opportunities in Malaysia.

Internal MISP references

UUID 4a018517-9e92-4ac9-b41f-8b2cb22bf5e4 which can be used as unique global reference for Eyecool Technology in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.eyecooltech.com/']

FaceFirst

FaceFirst, also known as Airborne Biometrics, is a developer of facial recognition and surveillance technologies, providing automated face-matching systems for use in retail, airports, stadiums, military bases and at border checkpoints.

Its facial recognition technology has increasingly been deployed in retail stores without customer knowledge or consent. The system scans shoppers' faces as they enter stores, comparing them to databases of "dishonest customers" or "known shoplifters." The system also delivers customizable alerts and notifications to any device or workstation upon detecting a person of interest. The company claims to offer military-grade facial identification that seamlessly connects to a large central database tailored to the specific needs of the end user.

In 2022, FaceFirst welcomed Edwin Coello, a former leader of the NYPD Real Time Crime Center, to its team.

Internal MISP references

UUID bb0451b5-a3d7-41df-b06a-7247b9d907d5 which can be used as unique global reference for FaceFirst in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.facefirst.com/']

Faception

Faception is an Israeli company developing facial recognition technology that claims to analyze personality traits, behaviors, and intentions based on facial features. The company markets its solutions for use in law enforcement and intelligence operations, including applications like identifying targets or screening individuals in public spaces.

Internal MISP references

UUID 2b091e06-15c2-4131-9c1d-ca46fbdcd6bc which can be used as unique global reference for Faception in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.faception.com/']

Facewatch

Facewatch is a UK-based company that provides facial recognition technology for the retail industry. Their system alerts businesses in real-time when a "known offender" is detected. Images captured by CCTV are transmitted to Facewatch's cloud server, where they are converted into biometric measurements for comparison against a database of subjects of interest.

Facewatch has faced multiple lawsuits over data protection breaches and grave instances of false identification. In addition to the UK, it is used by police and retailers in Brazil and Spain.

Internal MISP references

UUID 177a88d4-775e-4667-9ec3-57cf2babf002 which can be used as unique global reference for Facewatch in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.facewatch.co.uk/']

FaiceTech

FaiceTech is a UK-based developer of facial recognition technology. It has been implicated in helping Hikvision, a Chinese security camera giant, circumvent international sanctions over its involvement in surveillance and human rights abuses in Xinjiang. Hikvision advertised ethnicity recognition features in marketing brochures, claiming collaboration with FaiceTech. Following an investigation, Hikvision removed promotional materials referencing FaiceTech.

Internal MISP references

UUID 8a305b08-7175-4e6b-af6e-427549bbcf87 which can be used as unique global reference for FaiceTech in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://faicetech.com/']

Falcon

The Falcon system, developed by Semptian, is primarily designed for tracking the location of targeted cellphones rather than intercepting calls or texts. Similar to the Stingray devices used by U.S. law enforcement, Falcon operates within a nearly 1-mile radius and can pinpoint the location of cellphones with high precision, up to 5 meters accuracy. When activated, Falcon emits signals that compel nearby mobile phones and other cellular devices to connect to it, revealing their exact locations. Falcon includes a smaller, pocket-sized device that can be used by agents on foot to track cellphone locations even more precisely, narrowing down to within 1 meter. This technology enables authorities to conduct targeted surveillance and locate specific individuals within urban or densely populated areas.

Internal MISP references

UUID bdd368fa-3158-48ca-881e-3778886ae117 which can be used as unique global reference for Falcon in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

FalcoNet

FalcoNet is a surveillance technology developed by the Israeli firm Cognyte, designed as a cell tower simulator capable of intercepting and collecting data from mobile phones. It functions as an airborne system, deployable on manned aircraft like helicopters or fixed-wing planes, and is used to gather unique identifiers from phones, intercept unencrypted communications, and jam normal signals to force devices to connect to its artificial station. The State of Florida purchased this technology for $793,000 as part of Operation Vigilant Sentry, aimed at surveilling migrants, particularly from Haiti.

Internal MISP references

UUID a4462ad0-f132-444c-befd-8160e17ff53d which can be used as unique global reference for FalcoNet in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

FiberHome

FiberHome, officially known as Nanjing FiberHome StarrySky Communication Development Company Ltd., develops spyware for use by the Chinese authorities. Its Fengcai app is forcibly installed on tourists' smartphones at border crossings in the East Turkistan (renamed Xinjiang by China) region. This spyware collects extensive personal data, including text messages, contacts, call logs, calendar entries, and installed apps, and transmits it to remote servers for analysis. The app also scans for content flagged as suspicious, such as religious materials, writings in Arabic, or documents related to the Dalai Lama, among other flagged items.

Internal MISP references

UUID 79e55376-a1d3-41c2-9677-55d4ac06f239 which can be used as unique global reference for FiberHome in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://en.fiberhome.com/']

Fifth Dimension

Founded in 2014 by former Mossad member Doron Cohen, Fifth Dimension became a leading producer of surveillance technology with the backing of notable figures such as former IDF Chief of Staff Benny Gantz, who served as the company's chairman, and former Mossad deputy head Ram Ben-Barak. The company's systems are employed to analyze vast amounts of data, including social media activity, to identify potential security threats and prevent incidents before they occur. The company specializes in predictive policing tools and advanced data analysis, including sophisticated data processing techniques to identify patterns and correlations based on mass surveillance data.

Fifth Dimension collaborated with the Israel Police on a project involving artificial intelligence for law enforcement purposes. This partnership, which did not go through a tender process, involved a pilot program costing about 4 million shekels ($1.1 million) and concluded in 2017. The initiative was described as a "game changer" by Police Chief Roni Alsheikh. However, Fifth Dimension ceased operations due to U.S. sanctions on one of its investors, Viktor Vekselberg, which affected its primary market in the U.S.

The company ceased operations in December 2018, after an unsuccessful acquisition bid from NSO Group. At its height, Fifth Dimension had secured $40 million in funding and employed 100 people.

Internal MISP references

UUID a1658797-cf0c-44c1-bb1e-dc6b91db37c2 which can be used as unique global reference for Fifth Dimension in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.5dimension.com/']

FinFisher

FinFisher, also known as FinSpy, is surveillance software developed by Gamma Group, an Anglo-German technology company specializing in surveillance and monitoring solutions. FinFisher has been used by various governments and law enforcement agencies around the world for surveillance purposes. The software is designed to monitor and intercept communications, gather intelligence, and track individuals' activities. FinFisher is known for its comprehensive surveillance capabilities, which include: remote access, data extraction of information such as emails, SMS, files, and browser history, real-time monitoring of communications and online activities, keylogging to capture passwords and other sensitive information, microphone and camera activiation to record audio and video, as well as geolocation tracking. Gamma Group dissolved its FinFisher unit in 2014, but several German companies have since sold the spyware.

Internal MISP references

UUID 85b1aa92-f9e8-4c36-bdc5-e49e3a5d734c which can be used as unique global reference for FinFisher in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

First WAP

First WAP is a surveillance technology company headquartered in Jakarta, Indonesia. It was founded by former Siemens engineer Josef Fuchs in the early 2000s. The company's primary product, Altamides, is a phone-tracking software that exploits vulnerabilities in the global telecom network's SS7 protocol to pinpoint any person's location worldwide. Over time, First WAP has expanded Altamides' capabilities beyond location tracking to include intercepting SMS messages, listening to phone calls, and breaching encrypted messaging apps like WhatsApp.

First WAP's surveillance technology has been used across more than 160 countries, tracking over 14,000 unique phone numbers. The company marketed its products to authoritarian governments and made them accessible to corporate actors through a network of middlemen. Specific clients included governments in Morocco and Algeria during the Arab Spring, marketed through the British firm KCS Group. Victims of the surveillance ranged from high-profile political figures and journalists to ordinary citizens like teachers and therapists.

Internal MISP references

UUID e4bd999e-f23c-447b-b968-79335299c2c6 which can be used as unique global reference for First WAP in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

Fisca Security

Fisca Security & Communication is a Yangon-based company that provides telecommunications and security products, including CCTV systems, intercoms, and related infrastructure.

Since the 2021 military coup in Myanmar, Fisca has been involved in the procurement and installation of surveillance technologies, including Chinese-made CCTV cameras with facial recognition capabilities. These systems have been deployed in multiple cities across the country as part of "safe city" initiatives. The company is sourcing its surveillance technologies from China’s Zhejiang Dahua Technology, Huawei, and Hikvision.

In 2023, the U.S. Department of Commerce added Fisca to its Entity List, citing the company’s involvement in supplying surveillance equipment to Myanmar’s military regime.

Internal MISP references

UUID 69668365-29a5-4d66-ac9b-6e4f1751514d which can be used as unique global reference for Fisca Security in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

Fivecast

Fivecast is a company that develops AI-powered software used by U.S. Customs and Border Protection (CBP) to analyze online content for potential threats. Utilizing artificial intelligence, Fivecast's software detects sentiment and emotion in social media posts and recognizes objects in images and videos. It also scans for "risk terms and phrases" across multiple languages, gathering data from both major social platforms like Facebook and Reddit, as well as smaller communities like 4chan and Gab.

CBP has spent millions on Fivecast's technology, which they use to monitor individuals they believe may pose risks to public safety, national security, or lawful trade and travel. Fivecast's tools are capable of mapping out networks of connections and tracking persons-of-interest starting with minimal information, as demonstrated in their promotional materials.

Fivecast is headquartered in Adelaide, Australia. The company was co-founded in 2017 by Brenton Cooper, Duane Rivett, Ross Buglak, and David Blockow. Fivecast has a strong connection to the Five Eyes intelligence alliance, which includes agencies from the United States, United Kingdom, Canada, Australia, and New Zealand. The company's tools have been developed in consultation with law enforcement and intelligence agencies from these Five Eyes nations, optimizing their software to meet the specific requirements of these agencies for monitoring and analyzing online threats.

Internal MISP references

UUID 570127f7-f98d-460b-8809-069ed1b871cb which can be used as unique global reference for Fivecast in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.fivecast.com/']

Flock Safety

Flock Safety is a technology company that specializes in providing advanced surveillance solutions. Their products include Flock Camera, which are high-definition cameras placed to capture clear images of vehicles entering and exiting neighborhoods and which utilize automated license plate recognition (ALPR) technology to identify and log vehicle data, as well as AI-powered audio detection systems. They also feature FlockOS in their suite of products, which integrates first and third-party data from video, license plate recognition (LPR), and audio detection to provide real-time intelligence through advanced search, a customizable map and other options.

In 2024, Flock Safety acquired drone startup Aerodome for over $300 million. This acquisition allows Flock Safety to broaden its reach into autonomous police drone surveillance.

In 2025, it was revealed that the company was considering using hacked or breached data to create Nova, a surveillance tool intended for law enforcement use. That same year, a report by 404 Media revealed that a Texas police officer used Flock’s nationwide license plate camera network to track a woman who had traveled out of state to obtain an abortion.

In October 2025, Amazon's Ring announced a partnership with Flock, enabling agencies that use Flock to request Ring users to share surveillance footage.

Internal MISP references

UUID d16072bb-c9f5-44ed-9c7d-51a902fd5620 which can be used as unique global reference for Flock Safety in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.flocksafety.com/']

Fly4Less

Fly4Less, a Hungary-based company, is a contractor for Frontex, the European Border and Coast Guard Agency, to provide aerial surveillance services. The company operates aircraft equipped with advanced monitoring systems for border control, targeting migrants.

Internal MISP references

UUID dbe2cb16-1e74-4886-935d-95c641b631a4 which can be used as unique global reference for Fly4Less in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://fly4less.hu/en/', 'https://fly4less.hu/hu/']

Fog Data Science

Fog Data Science, a data broker, sells location data about individuals to law enforcement agencies, obtained from thousands of apps on Android and iOS app stores. The company's web application, Fog Reveal, provides detailed histories of people's lives, selling access for less than $10,000 per year. In the U.S alone, Fog has past or ongoing contractual relationships with at least 18 local, state, and federal law enforcement clients. Fog's service allows for "pattern of life" analyses, revealing an individual's daily routines and habits. The service can execute broad searches, such as gathering device IDs for everyone in a specific area.

The company also uses a "Project Intake Form" that requests detailed information about persons of interest, including their medical provider locations, and harvests location data from smartphones through apps and advertising systems. Critics, including former law enforcement officials, have expressed alarm over the tool’s ability to track individuals in private spaces, such as homes, without judicial oversight.

The company was founded in 2016 by two former Department of Homeland Security officials, Robert Liscouski and Matthew Broderick, who served under President George W. Bush.

Internal MISP references

UUID 881861ba-8c8d-434f-951a-ffd45551a32f which can be used as unique global reference for Fog Data Science in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://fogdatascience.com/']

Forenza

Forenza is the developer of a platform designed to assist police forces to access, organize and analyze social media data from sites and apps like Instagram, YouTube and TikTok. One of the platform's features is the ability to categorize and analyze public videos for specific traits, such as license plates, road signs, or tattoos to support law enforcement to identify people, vehicles, documents or locations.

The platform is currently used by police forces in Israel, with plans to expand to the U.S.

Forenza was co-founded by Efim Lerner and Uri Boros, who were also the founders of Bler Systems, a subsidiary of the Avnon Group, and which also develops a range of surveillance tools.

Internal MISP references

UUID 768f977d-2d34-45d1-8fdd-9ebdef3c6e32 which can be used as unique global reference for Forenza in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

Forsolution

Forsolution, a Czech-based company, is a developer of surveillance and monitoring equipment. Its primary product, the DELTA wireless digital audio monitoring system, is used for monitoring individuals under house arrest. The company's tools are specifically designed for covert operations and are used by police, intelligence agencies, special forces, and other government-approved organizations. Their products are also often showcased at international exhibitions and arms fairs targeting global markets.

Internal MISP references

UUID 1e5b3988-cf3b-4fdf-845f-a53773adbc24 which can be used as unique global reference for Forsolution in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.forsolution.cz/']

Fraunhofer IOSB

The Fraunhofer Institute of Optronics, System Technologies, and Image Exploitation (Fraunhofer IOSB) is a research organization based in Karlsruhe, Germany. It develops what they market as "intelligent video surveillance systems" which includes AI-driven image analysis and tracking movement patterns. The institute has been a key partner in Mannheim's pilot surveillance project, which began in 2018. The system, which includes 76 cameras installed in what they consider to be "high-crime areas", transmits surveillance data to the Mannheim Police Headquarters via a sealed fiber-optic network.

Internal MISP references

UUID 7456118c-651a-4161-b920-d46ec28fd79b which can be used as unique global reference for Fraunhofer IOSB in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.iosb.fraunhofer.de/', 'https://www.iosb.fraunhofer.de/en.html']

Frontiir

Frontiir is a Myanmar-based internet service provider (ISP) that has been facilitating digital surveillance for the country's military junta. The company operates under the Myanmar Net brand, providing internet services to millions of users. Investigations have revealed that Frontiir hosts surveillance equipment developed by Geedge Networks, a Chinese cybersecurity firm founded by Fang Binxing, known as the "father" of China's Great Firewall. This equipment reportedly enables the interception and decryption of web traffic, blocking of websites, and prevention of Virtual Private Network (VPN) usage, thereby restricting access to uncensored information. Frontiir's Yangon data center has been identified as housing this surveillance technology.

Internal MISP references

UUID 0c418b14-eae3-41b9-9b0a-2b02cb9e6dbf which can be used as unique global reference for Frontiir in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.frontiir.com/']

G4S

G4S is a British multinational security services company headquartered in London, United Kingdom. It provides a wide range of security-related services, including manned guarding, electronic security systems, and monitoring services. G4S has been involved in providing surveillance tools for Australia's offshore immigration detention centers, such as those on Manus Island. It has also provided surveillance equipment and services to Israeli checkpoints, prisons and police stations in the West Bank and Gaza. G4S has been responsible for managing and providing surveillance equipment at several immigration detention centers in the UK, such as Brook House and Tinsley House, which suffer from staff abuse, neglect, mistreatment of detainees, and poor living conditions. In 2021, Allied Universal acquired G4S for $5.28 billion.

Internal MISP references

UUID 16579490-4321-4bdd-b7af-d17dff7ee6a5 which can be used as unique global reference for G4S in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.g4s.com/']

Gaggle

Gaggle is a Dallas, Texas based company that provides ongoing AI-powered surveillance in schools. The students' digital activities are closely monitored for indicators of certain behaviors. This surveillance includes homework, emails, photos, and chats, with alerts potentially leading to interventions that include police involvement. In some schools, Gaggle was integrated into all school-issued Chromebooks, working with Google services such as Gmail, Google Docs, Google Slides, and Google Sheets. Whenever students type something, Google's auto-save feature activates, automatically routing the saved content through Gaggle for monitoring. As of May, 2024, Gaggle is currently in at least 1,500 K-12 districts in the U.S.

Internal MISP references

UUID 4c1c8794-5b08-41c4-bdfe-e33e0d049b23 which can be used as unique global reference for Gaggle in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.gaggle.net/']

Gatewatcher

Gatewatcher is a cybersecurity firm specializing in advanced threat detection and network surveillance. Its tools, like Trackwatch, use machine learning and behavioral analysis to monitor and analyze network behavior.

In 2024, Gatewatcher strengthened its collaboration with Saudi Arabia as part of the Franco-Saudi partnership on cybersecurity. The company provides advanced multi-vector detection technologies to the Saudi government.

Gatewatcher has also been embroiled in controversy due to legal allegations against its founder, Philippe Gillet, who has been accused of hacking and orchestrating violent attacks amid a dispute with former business partner Franck Berezay.

Internal MISP references

UUID 722818ca-05d6-4e82-a44d-adee4e5b2914 which can be used as unique global reference for Gatewatcher in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.gatewatcher.com/']

Gedion

Gedion is a company headquartered in Lithuania which produces audio surveillance and location monitoring technology. In 2023, Gedion partnered with Pegasus Intelligence, a technology broker based in Dubai, to provide advanced surveillance equipment to primarily government clients in the Gulf Cooperation Council (GCC.)

Internal MISP references

UUID eaf38671-c3b7-428c-8eec-07db82826b8b which can be used as unique global reference for Gedion in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

Geedge Networks

Geedge Networks is a Chinese cybersecurity firm that helped build China’s "Great Firewall" and now sells a commercialized version of that system abroad. Founded in 2018, the company’s Tiangou Secure Gateway can filter websites and apps, conduct real-time surveillance, throttle or shut down entire regions of the internet, pinpoint anonymous users, and automatically block circumvention tools such as VPNs and Tor.

Leaked internal files show Geedge exporting these capabilities to authoritarian clients, including Kazakhstan, Ethiopia, Myanmar and Pakistan. In Pakistan, Geedge tech replaced Sandvine equipment in 2023 to create “WMS 2.0,” the country’s upgraded national firewall.

Engineers at Geedge actively reverse-engineer popular privacy tools, listing commercial VPNs as “resolved” problems and rolling out blockers like the Psiphon detector deployed after Myanmar’s 2021 coup.

Internal MISP references

UUID f6e01bbf-0ca7-4bdd-93f9-fd098b4a9d93 which can be used as unique global reference for Geedge Networks in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.geedgenetworks.com/']

General Atomics

General Atomics Aeronautical Systems, Inc. (GA-ASI) is a major American aerospace company based in San Diego, California. GA-ASI designs and builds unmanned aircraft, most notably the Predator drone, which is widely used by the U.S. military and allied forces for surveillance and strike missions. The company operates as a subsidiary of General Atomics, a private firm established in 1955. GA-ASI has played a key role in advancing drone technology since the 1990s, supplying long-endurance aircraft and sensor systems for defense and intelligence operations. In June 2025, 404 Media revealed that the company's drones were used to surveil protests in Los Angeles.

Internal MISP references

UUID f776831e-6270-43ef-9e23-689905e124d4 which can be used as unique global reference for General Atomics in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.ga.com/']

General Dynamics

General Dynamics Corp is a major U.S. defense contractor involved in the development and deployment of surveillance technologies used in border enforcement and immigrant monitoring. Between 2005 and 2019, the company was a key contractor for U.S. Customs and Border Protection (CBP), building a so-called "smart/virtual" border along the U.S.–Mexico. Its Remote Video Surveillance Systems (RVSS), equipped with day and night capable cameras mounted on vehicles, enable near-constant monitoring of border regions, giving authorities unprecedented oversight over the movement of migrants.

General Dynamics Information Technology (GDIT), the company’s IT and services arm, has expanded this surveillance infrastructure, including modernizing CBP’s tower systems under the Consolidated Tower & Surveillance Equipment (CTSE) program. These towers, deployed across southern border regions such as Arizona (Nogales, Naco, Yuma, and Ajo) and Texas’s Rio Grande Valley, concentrate state surveillance in communities where migrants are most vulnerable. Newer contracts also extend surveillance infrastructure to parts of the northern U.S. border with Canada, where surveillance towers are being installed or upgraded.

Internal MISP references

UUID 4f978581-d771-4e39-881d-096d26e343bf which can be used as unique global reference for General Dynamics in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.gd.com/']

General Robotics

General Robotics Ltd. (GRL), based in Hod Hasharon, Israel, specializes in developing advanced robotic systems for military and defense applications. One of its products, "Pitbull", can be mounted on various platforms for remote surveillance activities. It was acquired in March, 2022 by the American company Sig Sauer, one of the world's leading arms, ammunition, and optical sights companies.

Internal MISP references

UUID 42b831a5-4c4c-45e8-89e6-820c4002f8fd which can be used as unique global reference for General Robotics in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.glrobotics.com/']

Genetec

Genetec is a prominent provider of surveillance technology, supplying law enforcement with a range of invasive monitoring tools. Their offerings include video management systems, automatic license plate recognition (ALPR) software, and real-time crime center (RTCC) analytics to expand police surveillance networks. Genetec also leads a program to facilitate the process for law enforcement agencies to request and retrieve footage from private cameras.

In 2017, Genetec developed the Citigraf platform specifically for the Chicago Police Department (CPD), one of the largest police forces in the U.S., to help manage and analyze their extensive data collection. Powered by Microsoft Azure, Citigraf integrates information from surveillance sensors and database records, using both real-time and historical data to generate calculations, visualizations, and alerts that provide CPD with "deep situational awareness." Microsoft is collaborating with Genetec to advance this platform with a "correlation engine" designed to interpret surveillance data more effectively. In 2016, the city of Detroit in Michigan launched Project Green Light, which uses Genetec Stratocast and Microsoft Azure to stream surveillance footage from local businesses and other entities to the Detroit Police Department.

Microsoft has long provided facial recognition services to law enforcement through its extensive partnerships with Genetic and similar companies.

Internal MISP references

UUID 63909299-bf9f-47f8-bf0a-4087e5135cb2 which can be used as unique global reference for Genetec in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.genetec.com/']

Genieo Innovation

Genieo Innovation, formerly called Anabel Software, is an Israeli company that specializes in developing software often categorized as adware, grayware or malware. In 2014, Genieo was acquired by Somoto for $34 million.

Internal MISP references

UUID c2863096-a6a2-4763-9a32-1952c60b9909 which can be used as unique global reference for Genieo Innovation in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.genieo.com/']

Geo Group

Geo Group is the largest private prison operator in the United States headquartered in Boca Raton, Florida. The company develops and distributes digital surveillance tools, including ankle monitors, smartwatches, and tracking apps to monitor immigrants under the U.S federal government’s "Alternatives to Detention" program. This program, designed to track the whereabouts of immigrants, has been a lucrative venture for Geo Group, generating significant revenue.

The company’s surveillance technology, including its facial recognition-powered SmartLink app, allows constant monitoring of immigrants’ locations. Geo Group’s technology has also facilitated deportation efforts, with its data being used by Immigration and Customs Enforcement (ICE) to locate and detain immigrants.

Geo Group operates internationally, including in South Africa, Australia, and the United Kingdom, where it provides monitoring and surveillance services related to prisons and mental health facilities.

Internal MISP references

UUID dc447f78-2efd-45ac-a190-0415782da4e4 which can be used as unique global reference for Geo Group in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.geogroup.com/']

GEOAI

GEOAI, also known as Guangzhou ImapCloud Intelligent Technology Co., Ltd., develops drone docking stations, edge computing modules, and AI-powered sensors to create integrated sky-to-ground monitoring systems. The company utilized Nvidia chips for its gait recognition technology that could identify individuals by their walking patterns.

Internal MISP references

UUID 8888081c-b6a7-4c8f-aac6-4cb496dc82d7 which can be used as unique global reference for GEOAI in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.geoai.com/en', 'https://www.geoai.com/']

Geofeedia

Geofeedia was hired by California police departments after pitching its ability to identify civil rights protesters, according to an American Civil Liberties Union report. Without public hearings or civilian oversight, the Oakland Police Department has used it to conduct surveillance on large public gatherings, possibly including political protests.

Internal MISP references

UUID 9be425bf-ecfd-4f37-8b4b-ffcec98278f1 which can be used as unique global reference for Geofeedia in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

Geolitica

Geolitica, formerly known as PredPol, short for "Predictive Policing," is a software company that claims to use historical crime data to predict where crimes are likely to occur. Its surveillance capabilities rely on analyzing past crime reports, including time, location, and type of crime, to generate "hot spots" for law enforcement to monitor. This data-driven approach enabled police departments, such as the LAPD, to direct patrols and resources to specific areas flagged by the system. PredPol however specifically targeted Black and brown neighborhoods in the U.S, and its algorithms created often false and misleading data that intensified surveillance in these communities.

Internal MISP references

UUID 379b636b-b431-454c-a318-9e5cfc82c4a9 which can be used as unique global reference for Geolitica in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://geolitica.com/', 'http://www.predpol.com/']

Geotab

Geotab is a provider of vehicle tracking and fleet management products. Its Geotab GO9 device provides comprehensive telematics capabilities, including real-time GPS tracking, vehicle diagnostics, and driver performance monitoring. Geotab has partnered with government agencies, including providing vehicle tracking systems to the U.S Immigration and Customs Enforcement (ICE). These systems allow ICE to monitor the locations and movements of vehicles used in immigration enforcement operations.

Geotab also works with police departments in Canada. The Belleville Police Service in Ontario has implemented Geotab's telematics solutions in its fleet of 31 vehicles, including sedans, SUVs, and pickups.

The company claims to have devices installed in 130 countries and on all 7 continents. It also maintains offices in the U.S., the U.K., Germany, Spain, Australia, Mexico, China, France, Italy and Singapore.

Internal MISP references

UUID 91183dda-1bba-4cbb-9144-6d09a9315c50 which can be used as unique global reference for Geotab in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.geotab.com/']

Ghost Robotics

Ghost Robotics is a Philadelphia-based company that specializes in the development of advanced robotics systems, particularly focused on legged robots. Ghost Robotics' robots, like the Ghost Minitaur and others in their lineup, are equipped and utilized for surveillance purposes. The Israeli army has been using the company’s robots in Gaza, according to news reports in Haaretz and other sources.

Its Vision 60 Quadrupedal Unmanned Ground Vehicles (Q-UGVs) have been deployed by the U.S. military for various applications. The U.S. Air Force has utilized these robotic systems at Tyndall Air Force Base and during Advanced Battle Management System (ABMS) exercises.

In 2024, Ghost Robotics entered a "strategic partnership" with South Korea's LIG Nex1, which acquired a 60% controlling stake in the company for $240 million.

Internal MISP references

UUID 5d0f606f-ae8a-4c76-af63-92460ca266ea which can be used as unique global reference for Ghost Robotics in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.ghostrobotics.io/']

Giant Oak

Giant Oak Inc. is a U.S.-based company that develops data analytics and monitoring technologies. Their primary product, Giant Oak Search Technology (GOST), is a tool designed to analyze and filter large amounts of online data, including social media, to identify individuals and networks of interest. Founded by Gary Shiffman, a former U.S. Navy veteran and DARPA researcher, Giant Oak has received millions in U.S government contracts since 2014. These contracts include work with agencies such as Immigration and Customs Enforcement (ICE), the Department of Homeland Security (DHS), and others, for purposes such as immigration enforcement and intelligence investigations.

Originally developed from earlier projects like "Social Locator," GOST creates detailed profiles by analyzing digital traces, highlighting keywords, and providing visual summaries of online activity. It has been used to flag "derogatory" content on social media. GOST also allows agencies to search for individuals using identifiers like names, addresses, or emails and ranks results based on specific requirements. Additionally, it can screen and rank large groups of individuals simultaneously.

In February 2024, Saifr, a compliance solutions provider created by Fidelity Investments, announced the acquisition of GOST.

Internal MISP references

UUID faff3a43-8b28-4b76-8c02-ac9a25924c19 which can be used as unique global reference for Giant Oak in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['http://www.giantoak.com/']

Giza Systems

Giza Systems is a partner of Nexign, formerly known as Peter-Service, a Russian company that specializes in providing software and services for telecommunications companies. According to its website, Nexign’s products have been delivered to 12 countries and includes the surveillance company Protei as a partner. In a press release, data collection is listed as one of the services that will be provided as part of the partnership between Giza Systems and Nexign.

Internal MISP references

UUID 968f3e27-52b4-4b75-9647-09b5eb3c9399 which can be used as unique global reference for Giza Systems in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://gizasystems.com/']

Glimmerglass

Glimmerglass was a U.S.-based technology company that built optical networking products, including technology that facilitates the interception of undersea fiber-optic cables.

Glimmerglass has reportedly provided systems capable of monitoring and analyzing internet traffic, including services like Facebook, Twitter and Gmail. Their technology included 3D MEMS (Micro-Electro-Mechanical Systems) solutions, which allow for the interception and duplication of light signals transmitted through fiber-optic cables. This enables agencies to capture the full content of communications, not just metadata, for intelligence purposes. The company has acknowledged that its systems are deployed in multiple countries for "lawful interception" under anti-terrorism laws. Its tools are marketed as providing intelligence agencies with full control over massive flows of data, including the ability to analyze communications in real time. Confidential materials from Glimmerglass have demonstrated its ability to map social networks, monitor webmail, and intercept phone calls.

The company was re-named “VSocial Technologies” in 2021 and continues to operate under that brand.

Internal MISP references

UUID e00b3b8e-b2c9-44b2-8f06-e12ac1d0f90d which can be used as unique global reference for Glimmerglass in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

Gloo

Gloo, a data analytics company, uses digital surveillance to benefit churches and evangelical campaigns. The company mines personal online data, often belonging to vulnerable populations like immigrants or those facing personal crises, to enable churches to target individuals.

Gloo has been linked to campaigns like the $1 billion "He Gets Us" initiative, which uses targeted advertising to promote Christian messages. Although "He Gets Us" initially denied selling data to Gloo, evidence showed that Gloo used data from their campaigns to sell contact information of individuals seeking spiritual support to churches.

Through Gloo's Explorer program, the personal data of individuals responding to "He Gets Us" social media ads was sold to local pastors or anyone willing to pay $49/month. This included sensitive information, such as contact details, without proper vetting or guidelines on how the data should be used. In one incident, a pastor publicly shared private messages from a person and exposed her identity to everyone in her church after she responded to an ad on Instagram.

Internal MISP references

UUID 0ee55eaf-dbfa-4ebd-9b06-b38f8d0da914 which can be used as unique global reference for Gloo in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://gloo.com/']

GMEA Group

GMEA Group is a prominent African conglomerate headquartered in Ghana. They provide various surveillance technologies, including IMSI-catcher tools, which intercept mobile phone traffic and track user location data. These devices function as "fake" mobile towers, enabling interception between a mobile phone and its service provider's actual towers, facilitating man-in-the-middle attacks.

Internal MISP references

UUID 1731b805-7cbc-4189-8b39-2a4ed007327c which can be used as unique global reference for GMEA Group in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://gmea.com/']

GoLaxy

GoLaxy surveils and shapes online opinion for the Chinese Communist Party (CCP). Its platforms ingest social media data, map networks of political actors and influencers, and use AI to generate and deploy content; operators monitor sensitive topics (Taiwan, Hong Kong, Xinjiang, U.S. politics) and intervene by seeding narratives or amplifying aligned voices in order to flood information channels with pro-government messaging. It tracked people in Hong Kong to counter opposition to the 2020 Hong Kong National Security Law.

GoLaxy’s primary customers are CCP propaganda departments, state security services, provincial police departments, and the military. The company’s inner workings were exposed through nearly 400 pages of leaked planning documents. The company maintains close ties with the Chinese Academy of Sciences and pitches its tools to provincial-level agencies that fund localized monitoring and influence operations.

Internal MISP references

UUID c8b40c15-0395-4c99-9817-e8959cbba4f9 which can be used as unique global reference for GoLaxy in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.golaxy.cn/']

Gorilla Technology

Gorilla Technology develops AI-powered products for smart cities and surveillance. Their technologies include iCCTV, which uses AI video analytics to improve surveillance techniques, and IVAR (Intelligent Video Analytics Recorder), which analyzes CCTV footage to identify people, vehicles, and objects.

Gorilla's Smart Policing Solutions integrate AI-driven tools, such as a Criminal Intelligence Big Data Platform, a Criminal Intelligence Analysis Platform, and predictive patrol systems, to assist law enforcement in their activities. The company also offers facial recognition technologies as part of its video analytics capabilities for real-time identification and monitoring.

Internal MISP references

UUID c1373d94-4d67-441a-981c-5e9b55bff165 which can be used as unique global reference for Gorilla Technology in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.gorilla-technology.com/']

Gravy Analytics

Gravy Analytics is a company that provides location intelligence and data analytics services. It's the parent company of Venntel, which sells smartphone location data, including to U.S. government agencies. It provides detailed location data that can help law enforcement agencies understand patterns of movement and behavior in specific areas. In 2023, Gravy Analyrics merged with Unacast, a company that uses machine learning and artificial intelligence to provide location intelligence products.

In January 2024, hackers claim to have breached the company. The hackers allege they have stolen sensitive data such as customer lists, industry information, and precise location data from smartphones, threatening to release it publicly.

Internal MISP references

UUID f4a18fca-e05b-410e-8596-ed9f58c8fbea which can be used as unique global reference for Gravy Analytics in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

Graylark

Graylark Technologies is the developer of a tool called GeoSpy. According to 404 Media, GeoSpy is a powerful AI tool capable of geolocating photos within seconds by analyzing features such as vegetation, architecture, and building distances. Initially accessible to the public, the tool has since been restricted to law enforcement and government agencies after its misuse for stalking. GeoSpy claims to have the ability to simplify complex geolocation tasks that typically require years of expertise, making it accessible to users with minimal training.

Internal MISP references

UUID e67f6bad-88e3-468d-a1e3-0946c29cee9e which can be used as unique global reference for Graylark in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://graylark.io/']

Grayshift

Grayshift, an American company best known for its tools to unlock encrypted mobile devices, has reportedly supplied its technology to Belarusian authorities to hack into locked mobile devices, aiding the Belarusian government in its extensive surveillance operations. These measures include real-time video monitoring systems and direct access to communications data.

Its core product, GrayKey, is a forensic access tool that enables the extraction of encrypted or inaccessible data from mobile devices, including those protected by alphanumeric passcodes.

In 2023, Grayshift merged with Magnet Forensics, a Canadian digital forensics company, to create a combined entity focused on providing advanced digital investigation tools to law enforcement and public safety agencies.

Internal MISP references

UUID 98b687cc-dca2-4040-aa52-af1276e79cb4 which can be used as unique global reference for Grayshift in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.grayshift.com/']

Griffeye

Griffeye is the Swedish developer behind Griffeye Analyze Deep Pro, a multi-source data analysis system for police forces. According to the Balkan Investigative Reporting Network (BIRN), the Ministry of Internal Affairs (MUP) of Serbia purchased Griffeye facial recognition software in 2022.

Griffeye Analyze DI Pro can recognize faces based only on the eyes, even when the eyes are not visible under certain conditions. It can also download large amounts of personal data from the internet and then search, sort, cross, and process it based on metadata such as GPS coordinates, the time when an image was taken, or phone serial numbers. Europol has used the software since 2019.

The Griffeye Analyze platform is used by over 1,000 police agencies across the world.

Magnet Forensics, a developer of digital investigation technologies used in over 90 countries, acquired Griffeye in August, 2023.

Internal MISP references

UUID 385fa7f3-40b6-4472-9038-083c26ca4b66 which can be used as unique global reference for Griffeye in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.magnetforensics.com/products/magnet-griffeye/']

Group 42 (G42)

Group 42, more commonly known as G42, is a UAE-based artificial intelligence whose staff include former members of DarkMatter, which was staffed by former NSA operatives who conducted hacking and surveillance on behalf of the United Arab Emirates under the codename "Project Raven." Human rights advocates and journalists are often targeted. Among them was G42 CEO Peng Xiao, who for years ran DarkMatter’s Pegasus program. In 2021, three former U.S. intelligence and military officials admitted to providing sophisticated computer hacking technology to the UAE while working at DarkMatter. The firm has established a joint venture with state-owned Israeli defense company Rafael Advanced Defense Systems.

G42 has been linked to surveillance through its acquisition of UAE’s Botim app, which is officially promoted as a secure messaging and VoIP platform but has been reported to facilitate government monitoring of users' communications.

Botim was developed by Algento, a private American technology company headquartered in San Francisco, California. The company operates subsidiaries in Dubai (Algento DMCC), Beijing (Beijing Aojintuo), and Hong Kong (Algento Cloud Computing Limited).

Internal MISP references

UUID aeadb0fc-5ba2-4f4c-9df7-ac734f4dfba9 which can be used as unique global reference for Group 42 (G42) in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.g42.ai/']

H3C Technologies

H3C Technologies, also known as New H3C, is a joint venture originally established between Hewlett-Packard Enterprise (HPE) and China-based Unisplendour Corporation, a subsidiary of the state-owned Tsinghua Holdings. H3C's technology is deeply embedded in China's extensive surveillance system. The company has developed an internet protocol (IP) telephone network for the Xinjiang Public Security authorities, a key component of the region's repressive monitoring network. This system integrates mobile apps, biometric data collection, artificial intelligence, and big data to monitor and control the activities of millions of Uyghurs in Xinjiang. H3C also sells internet firewall products.

Internal MISP references

UUID 5b7a3558-1d77-49d2-b107-0a345eca66d6 which can be used as unique global reference for H3C Technologies in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.h3c.com/']

Hakluyt

Hakluyt & Company is a London-based intelligence agency known for its discreet operations and high-level clientele, including multinational corporations and governments. The firm is notable for its ties to the intelligence community, as it is staffed predominantly by former officers from agencies such as MI6, the CIA, and other elite intelligence organizations.

In 2001, BP and Shell were called out for hiring Hakluyt to spy on Greenpeace activists.

In 2021, Hakluyt opened a subsidiary in Dubai called Hakluyt & Company (Middle East) FZE.

Internal MISP references

UUID 8bda1a91-dba6-4814-bbeb-71aad738f813 which can be used as unique global reference for Hakluyt in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://hakluytandco.com/']

Hanwang Technology

Hanwang Technology, also known by its English name Hanvon, is a publicly traded Chinese tech company founded in 1998 by Liu Yingjian, a former communications specialist in the People's Liberation Army. Initially focused on handwriting recognition, Hanwang used funding from China’s 863 Program to expand its technologies.

Hanwang has refocused its efforts on artificial intelligence, particularly facial recognition technology, becoming a prominent partner of China’s Ministry of Public Security (Gonganbu). Its products include mask-compatible facial recognition. This system uses advanced algorithms and thermal sensors to analyze visible facial features, such as the eyes and forehead, to confirm identities. It has been used to monitor public spaces and track individuals in crowded areas.

Internal MISP references

UUID bb5af40b-a262-4591-99a9-15557ac27f89 which can be used as unique global reference for Hanwang Technology in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.hanvon.com/list-10-1.html', 'https://www.hanvon.com/', 'https://ka.hanwang.com.cn/en/']

Hawk Analytics

Hawk Analytics is the developer of CellHawk. Widely used by law enforcement agencies, private investigators, and legal teams, CellHawk processes extensive datasets from cellular providers, including call detail records (CDRs), location data, ride-hail logs, and tower dumps, to create detailed maps of individuals' movements, relationships, and communication patterns. Its capabilities extend to analyzing ride-hailing and GPS data, offering features like animation tools to visualize movement and alerts for specific geofenced areas. It also integrates with Cellebrite exports, and ankle‑bracelet monitoring.

The software has been employed in high-profile cases, such as tracking phone activity in investigations tied to Donald Trump’s legal battles. Trump's team used CellHawk to analyze phone records of a prosecutor, revealing thousands of calls and texts, and mapping their locations.

In 2022, it was acquired by LeadsOnline.

Internal MISP references

UUID 80423756-f574-4188-bc1c-c176fc489993 which can be used as unique global reference for Hawk Analytics in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://hawkanalytics.com']

Helsing

Helsing is a German defense company that builds software to turn cameras, radars and other battlefield sensors into a real-time "eyes-everywhere" network for the military. It develops AI-powered surveillance technology and autonomous military drones, connecting imagery, signals and radar feeds so forces can detect, classify and track targets without human analysts in the loop

Internal MISP references

UUID 31ff0bdb-388f-426d-9827-dc86371d1099 which can be used as unique global reference for Helsing in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://helsing.ai/']

HENSOLDT

HENSOLDT provides surveillance technologies designed to be integrated with drones. While the company itself does not manufacture drones, it develops advanced sensor systems that are often used in unmanned aerial vehicles (UAVs) for surveillance purposes. HENSOLDT's ARGOS-II HD electro-optical infrared (EOIR) system is frequently mounted on drones to provide high-resolution imaging and real-time surveillance capabilities. It also incorporates AI into its surveillance and sensor technologies. HENSOLDT, with funding from Germany, has supplied border control and surveillance equipment to Tunisia, along with providing training to the Tunisian military.

Internal MISP references

UUID 79217ccc-799b-469c-a6a8-736049e40afc which can be used as unique global reference for HENSOLDT in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.hensoldt.net/']

Herta Security

Herta Security, a Spanish company that develops facial recognition technology, has been involved in providing surveillance solutions globally. In India, Herta's facial recognition technology has reportedly been deployed by the Indian Railways as part of its mass surveillance initiatives. This system is used to monitor passengers and identify individuals of interest.

According to the company, its clientele includes police forces in countries like Germany, Spain, Uruguay, and Colombia, as well as sports stadiums, shopping centers, hotel chains such as Marriott and Holiday Inn, airports, and casinos.

Internal MISP references

UUID ff9f9918-33e3-4a28-8dde-696dff9426f8 which can be used as unique global reference for Herta Security in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://hertasecurity.com/', 'https://hertasecurity.com/es/']

Hiddentec

Hiddentec develops GPS tracking equipment that provide real-time information. The company's HT Pro software is a feature-rich platform for tracking and monitoring data. The software displays incoming messages from trackers in a filterable, tabular format and shows available GPS information on a mapping screen.

According to its official website, Hiddentec's surveillance equipment and trackers are in use globally within law enforcement, military, and government institutions.

MetOcean Telematics acquired Hiddentec Group in August, 2022.

Internal MISP references

UUID 7ad47eb8-a9c6-48d9-96b2-49097c5de5cb which can be used as unique global reference for Hiddentec in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://hiddentec.com/']

HiSilicon

HiSilicon is a subsidiary of China’s Huawei Technologies Co. Ltd. which sells chips with advanced capabilities for surveillance cameras. It is one of the world’s most dominant chipmaker in the surveillance camera industry.

Internal MISP references

UUID 7a7ba87b-bf2d-4422-8c5f-8ba412b337c8 which can be used as unique global reference for HiSilicon in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.hisilicon.com/']

HK Medsourcing

HK Medsourcing is a company that sells International Mobile Subscriber Identity (IMSI) catchers, an intrusive technology used to locate and track all mobile phones that are switched on within a specific area. It operates by masquerading as a mobile antenna, which tricks nearby phones into connecting to it. A significant concern with IMSI catchers is their frequent secret deployment, often lacking a clear legal foundation and the safeguards and oversight mechanisms that international human rights law mandates for other surveillance technologies.

Internal MISP references

UUID 8d2b7c2e-61d7-42e9-97ab-39b67eebaa25 which can be used as unique global reference for HK Medsourcing in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

Hocell

Hocell is a company that provides surveillance tools, including a Drone-Mounted IMSI Catcher, a Portable IMSI Catcher and a Vehicle-Mounted IMSI Catcher, that can search and track cell phones as well as locate targets by identifying their IMSI numbers. The company is headquartered in Shenzhen, China.

Internal MISP references

UUID 019d3dad-cd7b-4b5e-9659-c6b914dc5a5c which can be used as unique global reference for Hocell in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://hocell.com/']

Horizon Robotics

Horizon Robotics develops AI-powered surveillance technologies, including facial recognition cameras and smart city solutions. According to company sources, its HR-IPC2143 smart camera achieves facial recognition accuracy up to 99.7% and can detect, track, and identify up to 200 objects in real time. These systems are designed for mass monitoring applications, such as identifying targets in crowded areas or large events. The cameras use Horizon's proprietary "Sunrise" AI processor, which integrates algorithms, chips, and cloud systems for efficient video analysis.

The company also collaborates with state-owned enterprises and government initiatives in China, such as the 973 Program, also known as the National Basic Research Program of China.

Internal MISP references

UUID 9f000e1f-a77f-4936-9f27-24ed59842317 which can be used as unique global reference for Horizon Robotics in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://en.horizon.auto/']

Horizon Technologies

Horizon Technologies is a developer of airborne intelligence and surveillance solutions. One of its products, FlyingFish, is an advanced airborne Signals Intelligence (SIGINT) system designed to monitor satellite communications. It is capable of passively intercepting satellite phone signals to determine the location of users and gather intelligence in real time. Frontex, the European Border and Coast Guard Agency, utilizes FlyingFish systems as part of its border surveillance initiatives. These systems are deployed on ISR aircraft to monitor migration routes and enable Frontex to track satellite phone signals often used by migrants.

Internal MISP references

UUID 9b4608d0-cf82-4865-9979-7b80aa96e955 which can be used as unique global reference for Horizon Technologies in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://horizontechnologies.eu/']

HSS Development

HSS Development, formerly known as Homeland Security Strategies, is a New York-based intelligence and security technology provider offering surveillance products, including IMSI Catcher systems. According to Intelligence Online, it supplied surveillance technologies to clients such as Niger's Armed Forces (FAN) and Egypt's Supreme Council of the Armed Forces (SCAF).

HSS markets its products through subsidiaries like GCom Tech, a surveillance technology distributor, and Commtrol, a jamming systems provider.

Internal MISP references

UUID d00436b3-d8bd-43d7-bc5c-48c2f4e7cbba which can be used as unique global reference for HSS Development in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.secintel.com/']

Huadi

Huadi is a Chinese defense contractor and state-owned subsidiary of China's largest missile military contractor, originally spun off from China's Ministry of Defense. The company helped develop China's mass surveillance infrastructure through partnerships with major U.S. technology companies, particularly IBM.

Huadi's surveillance capabilities include designing and implementing the "Golden Shield" policing system, which Beijing uses to censor the internet and crack down on dissidents. In 2009, the company collaborated with IBM to build national intelligence systems, including a counterterrorism database used by the Chinese military and the Ministry of State Security (China's secret police.)

The company also worked with IBM to construct China's national fingerprint database, expanding the government's biometric surveillance capabilities.

Internal MISP references

UUID 82cc6d1f-d12d-4d23-8cdc-43713bddc3ec which can be used as unique global reference for Huadi in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

Hugslock

Hugslock is a surveillance technology company that developed the iNTACT (Intelligent Access Cover & Support System), a monitoring system disguised as ordinary manhole covers. Their system incorporates capabilities such as infrared surveillance and motion detection. The company made its first major deployment in Saudi Arabia, shipping 60 iNTACT units as part of a smart city project.

Internal MISP references

UUID efaa97ef-af82-4ad1-841c-ad08a0e50500 which can be used as unique global reference for Hugslock in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

Icetana

Icetana is a provider of AI-powered video analytics technology designed to advance surveillance systems by identifying abnormal events and unexpected behavior in real time. Its self-learning software integrates with existing video management systems and IP cameras. Icetana also offers facial recognition as part of its product suite, enabling users to manage access lists, create personalized watchlists, and detect individuals of interest.

Internal MISP references

UUID 3ba150ed-0b3e-48e5-b887-8b0ad45ba410 which can be used as unique global reference for Icetana in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.icetana.ai/']

ICOMM

ICOMM Media & Tech, a subsidiary of Hanoi Telecom Corporation (HTC), won a contract worth VND 5.6 billion ($225,000) from Ho Chi Minh City to deploy SocialBeat, an AI-powered social media monitor. The software is capable of processing billions of data points daily, drawing from over 20 million social media accounts, and has been widely adopted by government bodies.

Over the years, ICOMM has won numerous state contracts for surveillance purposes, including deals with the Ministry of Labour and the Vietnamese Fatherland Front.

Led by Bui Ngoc Trung, ICOMM operates under HTC, one of Vietnam's private telecommunications firms.

Internal MISP references

UUID a684c895-3f94-46b2-90f5-f5862af9c858 which can be used as unique global reference for ICOMM in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://icomm.vn/']

IdeaForge

ideaForge Technology Limited, based in Mumbai, is a drone manufacturer and provider of surveillance UAVs for law enforcement. The company distributes the NETRA series, developed in collaboration with the Defence Research and Development Organisation (DRDO). These lightweight drones are designed for vertical takeoff and landing and are equipped with high-resolution daylight and thermal cameras. They are used primarily for real-time aerial surveillance including where GPS signals are weak or unavailable.

Indian police forces across multiple states, including Delhi, Mumbai, Punjab, Assam, Gujarat, Mangaluru, and Karnataka, have adopted ideaForge drones for operations that include crowd monitoring, protest surveillance, and nighttime patrols.

Internal MISP references

UUID 8497bf6f-886f-4e70-8b21-39d21ecd8649 which can be used as unique global reference for IdeaForge in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://ideaforgetech.com/']

IDEMIA

IDEMIA, formerly known as Morpho, is a French multinational for advanced biometric and predictive analytics technologies often used for surveillance purposes. Its Traveler Analytics Suite is used to analyze passenger data, such as Passenger Name Records (PNR), at international borders.

In the United States, IDEMIA provides products to various federal and state government entities and is the leading provider in the issuance of driver's licenses. The company owns IdentoGO, which operates hundreds of storefronts offering electronic fingerprint capture and other identity-related services. The ACLU of Massachusetts reported that IDEMIA released a new video analytics product called Augmented Vision, enabling cameras to analyze people and their movements in real-time. The system includes algorithms capable of recognizing faces, silhouettes, vehicles, number plates, and various objects. Notably, its automated "access control system" can identify a "person of interest," provide direct alerts, and automatically deny that person access to specific areas.

According to Amnesty International, its facial recognition technology was sold to the Shanghai Public Security Bureau, contributing to China’s extensive surveillance infrastructure, including systems targeting Uyghurs and other minority groups in East Turkestan (renamed to Xinjiang by China.)

Internal MISP references

UUID f780f5a5-22f0-43db-bcd1-d37e769edd2b which can be used as unique global reference for IDEMIA in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.idemia.com/']

iFLYTEK

iFLYTEK is an artificial intelligence and voice recognition company. Its technologies have reportedly been used to monitor communications and identify Uyghur voices in Xinjiang.

Internal MISP references

UUID 6560d27c-09c7-42e6-ac5f-b42fe92edd32 which can be used as unique global reference for iFLYTEK in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://iflytek.com/']

IMAS

The Information Monitoring and Analysis System (IMAS) is a platform to monitor and analyze mass media channels, including traditional and digital outlets, in Kazakhstan. The system offers tools for tracking information trends, analyzing public sentiment, and providing insights into media activity.

According to Freedom House's 2023 Freedom on the Net report, IMAS advertises a "monitoring system" that conducts social media surveillance." Its clients include the Prosecutor General’s Office, the Ministry of Justice, and various local government administrations in Kazakhstan.

Internal MISP references

UUID 59a02eb9-615e-4c45-8941-58dddcf309f8 which can be used as unique global reference for IMAS in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://imas.kz/en.html', 'https://imas.kz/', 'https://imas.kz/kz.html']

Incert Intelligence

Founded in 2016 by cybersecurity specialist Moshe Ben Abu, Incert Intelligence provides tools for surveillance and intelligence gathering.

Internal MISP references

UUID b0713170-27fb-426c-adc0-372abb1bc48d which can be used as unique global reference for Incert Intelligence in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://incertint.com/']

Indra Sistemas

Indra has been involved in providing surveillance and border control technologies that have been used in discriminatory practices, particularly in regions with stringent controls on migration and dissent. It is a provider of drones equipped with sensors, cameras, radars, AI and communication systems to monitor and control borders, as well as for intelligence gathering and target tracking.

Internal MISP references

UUID 912bd347-2718-482b-a1fb-9774e63d8d95 which can be used as unique global reference for Indra Sistemas in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.indracompany.com/']

Inex Technologies

Inex Technologies provides Automated License Plate Recognition (ALPR) systems for law enforcement agencies. Their cameras use neural network-based video analytics to process images on-board and output license plate numbers, reference images, and confidence scores. According to the company, this AI-powered processing enables real-time analysis at 40 FPS in their mobile systems, allowing for immediate identification and alerts on watchlisted vehicles. In 2006, Inex Technologies acquired Zamir Recognition Systems. They rebranded as INEX/ZAMIR while operating from headquarters in both Israel and the U.S, but the company currently goes by the name Inex Technologies.

Internal MISP references

UUID ed2ac6a7-6551-40fe-a3bd-22a5b69ca507 which can be used as unique global reference for Inex Technologies in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://inextechnologies.com/']

Infinova

Infinova Corporation, headquartered in Monmouth Junction, New Jersey, is a global provider of advanced surveillance technologies, including CCTV systems, IP cameras, facial recognition systems, deep-learning algorithms, multi-angle recognition and AI-driven analytics. It's heavily involved in China's expansive surveillance programs, such as the "Sharp Eyes" platform and projects in regions like Xinjiang to target Uyghurs. Infinova deleted all articles about its Xinjiang projects from its Chinese website, though IPVM (The Authority On Physical Security Technology) retained copies.

Infinova has also been involved in major mass surveillance projects globally, including in countries like Kuwait, Saudi Arabia, Turkey, Mexico, India and the UAE.

Internal MISP references

UUID 5e155bd8-fc0e-489b-8afd-ba2b6800f841 which can be used as unique global reference for Infinova in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.infinova.com/']

Inkas

Canadian armoured vehicle manufacturer Inkas is a provider of surveillance and interception technologies through its Aerospace & Defense division, established in September 2021. This division markets a comprehensive catalogue of advanced interception systems, including Wi-Fi interception tools, IMSI-catchers, geolocation systems, and other interception products.

Inkas also has partnerships in Israel, where it collaborated with former Unit 8200 officer Eyal Avidov to expand into electronic systems integration and platform-mounted electro-optical systems. The company has supplied surveillance-enabled armoured vehicles to police forces in Nigeria, the UAE, Saudi Arabia, and beyond.

Internal MISP references

UUID 6d517bf8-3c6d-4d3b-b5cf-0a528d1c9e93 which can be used as unique global reference for Inkas in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://inkasarmored.com/']

InMarket

InMarket is a location data broker that has been involved in tracking and selling users' precise location information collected through smartphone apps. The company operates by gathering location data from mobile applications and then selling this information to various clients. In early 2024, InMarket faced regulatory enforcement action from the Federal Trade Commission, which placed restrictions on the company's ability to sell location data.

Internal MISP references

UUID ea94aa44-be00-4c06-a848-45fb206c5c8c which can be used as unique global reference for InMarket in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://inmarket.com/']

Innefu Labs

Innefu Labs, an Indian cybersecurity and artificial intelligence company, has faced scrutiny for its involvement in surveillance technologies and alleged links to spyware attacks. Amnesty International uncovered connections between Innefu Labs and the Donot Team, a notorious hacker group responsible for targeting activists with spyware. This spyware, used in attacks on a Togolese human rights defender, could access sensitive data, including photos, files, and encrypted messages.

The company also provides the facial recognition software AI Vision, used by police in several Indian states for surveillance purposes, including during protests. This technology, which incorporates gait and body analysis, has sparked debates about privacy and the potential for misuse in monitoring dissent. Their clients include the Central Reserve Police Force (CRPF) and the Border Security Force (BSF) in India.

Internal MISP references

UUID 86a678dc-8530-4876-8dd0-fe7650db5ce7 which can be used as unique global reference for Innefu Labs in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://innefu.com/']

Inpedio

Inpedio received millions in investments from the Israel Aerospace Industries (IAI.) IAI made the investment through its Singaporian subsidiary, Custodio PTE. According to Haaretz, employeers at Inpedia were involved in developing Predator in Cytrox offices. Inpedio was registered in the Netherlands in 2016 by Rotem Farkash and Abraham Rubinstein, who also established Cytrox Holdings in Hungary.

Internal MISP references

UUID def88a46-1c0d-46d3-8787-51281d608e8e which can be used as unique global reference for Inpedio in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.inpedio.com/']

InReach

InReach was set up as a business entity in Cyprus for the sole purpose of promoting QuaDream’s surveillance products outside of Israel. QuaDream is an Israeli company that specializes in the development and sale of advanced digital offensive technology to government clients. The company is known for its spyware marketed under the name “Reign”, which, like NSO Group’s Pegasus spyware, reportedly utilizes zero-click exploits to hack into target devices.

Internal MISP references

UUID 1c77d55e-7dc5-4a9e-a183-704da8cedfbb which can be used as unique global reference for InReach in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

Insanet

Insanet is an Israeli company that uses advertising technology to infiltrate devices and surveil users. Insanet reportedly collaborated with Candiru, an Israeli spyware manufacturer sanctioned in the US, to market their surveillance software, Sherlock, alongside Candiru's own spyware products. Unlike traditional spyware that exploits system vulnerabilities or requires user interaction, Sherlock embeds spyware into targeted advertisements. When these ads are displayed on a webpage viewed by the target, the spyware is silently installed on their device, including Windows computers, Android phones, and iPhones. Sherlock's capabilities include monitoring, data capture, and transmission,

Insanet also worked with Israeli cyber-intelligence, cloud infiltration specialist Paragon, which claimed to have the power to remotely break into encrypted instant messaging communications through its tool Graphite.

According to Haaretz, "the company is owned by former ranking members of the defense establishment, including a past head of the National Security Council, Dani Arditi." The same report by Haaretz also notes that "Insanet has succeeded in obtaining authorization from the Defense Ministry to sell their technology globally. It has already sold the capability to one country that is not a democracy."

Internal MISP references

UUID b736ccee-79d1-4810-a608-3f564b774588 which can be used as unique global reference for Insanet in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

Insitu

Insitu, founded in 1994 and now a subsidiary of Boeing, provides drone technology used for surveillance purposes. Its flagship product is ScanEagle, which provides real-time intelligence and civilian surveillance missions. ScanEagle is heavily marketed to Gulf Cooperation Council (GCC), which include Bahrain, Kuwait, Oman, Qatar, Saudi Arabia, and the United Arab Emirates.

Internal MISP references

UUID 281f417e-8865-4160-b588-1b20b665df0e which can be used as unique global reference for Insitu in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.insitu.com/']

Intecs

Intecs GmbH is a provider of surveillance and intelligence gathering technologies tailored for government and police agencies. Their product offerings include digital audio surveillance tools with data processing, monitoring solutions for cellular and satellite data, and video surveillance systems with high-speed transmission capabilities using RF, cellular, and IP-based technologies.

Internal MISP references

UUID 27942678-cf30-4609-8fa3-5471389f500a which can be used as unique global reference for Intecs in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://intecs-security.de/']

Integrity Labs

Integrity Labs Ltd. is a private company established in December 2024 and based in Herzliya, Israel. The company is directed by Naftali Yoran. Integrity Labs Ltd. was created following the acquisition of Candiru's assets by U.S.-based investment firm Integrity Partners in a $30 million deal. This strategic move allowed Candiru's operations to continue under a new corporate identity, circumventing U.S. sanctions imposed in 2021 that had placed Candiru on the U.S. Entity List due to national security concerns.

Research by Recorded Future's Insikt Group revealed new infrastructure linked to Candiru's spyware, known as DevilsTongue. This infrastructure includes operational clusters in Hungary and Saudi Arabia, suggesting that the spyware continues to be active in these regions. Integrity Labs Ltd. was identified within Candiru's corporate network.

Internal MISP references

UUID d65b427b-94e2-4200-83ee-6b0c49521395 which can be used as unique global reference for Integrity Labs in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

IntelEye

Maor Sellek and Ziv Haba, two former employees of Israeli firm NSO Group behind Pegasus spyware, have teamed with business development specialist Oshrat Kakon Faribai to found the start-up IntelEye. According to Israel Hayom, "Inteleye is an intelligence firm specialized in gathering dark web and encrypted messaging data while cooperating with global governments."

Internal MISP references

UUID 58dd239f-3ad7-4ced-816a-3f3b6e6e5422 which can be used as unique global reference for IntelEye in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

Intellifusion

Intellifusion is an AI vision company whose "DeepEye" platform provides non‑cooperative facial recognition and large‑scale video deployments. The platform's capabilities include face recognition cameras, visual analysis engines, structured recognition engines, and police mobile terminals. The company was founded in 2014 and based in Shenzhen.

Internal MISP references

UUID 9e8f92df-bc97-497b-a0be-467c430ae2f7 which can be used as unique global reference for Intellifusion in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.intellif.com/']

Intelligo

Intelligo is an Israeli company that develops intelligence tools and AI-driven software for background checks. Their platform, Clarity, utilizes AI to gather and analyze data from various sources, including social media and a range of databases. Clarity can also continuously monitor and recheck a target’s background, flagging new data in real time, while using AI to identify patterns and connections in such data.

Intelligo's advisory board includes former heads of intelligence agencies, such as Pinhas Buchris, former head of the Israeli Ministry of Defense's Unit 8200, and Michael McConnell, former head of the U.S. National Security Agency.

Internal MISP references

UUID 6f1b3e79-4320-42d0-acd4-445924810887 which can be used as unique global reference for Intelligo in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.intelligo.ai/']

IntelliVision

IntelliVision is a video analytics company that provides AI and Deep Learning-based surveillance technologies for use with CCTV cameras. It also offers an ALPR system for license plate detection, recognition and search. The company primarily works with law enforcement agencies. In 2024, IntelliVision was acquired by Nipun Vision. In 2025, the Federal Trade Commission took action against the company for making false, misleading, or unsubstantiated claims about its AI-powered facial recognition software.

Internal MISP references

UUID 4dfbd247-fff5-4d09-8301-61539de2ba48 which can be used as unique global reference for IntelliVision in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.intelli-vision.com/']

IntellSec

IntellSec is a supplier of intelligence technology for government and industry contracts. Founded in 2017 by Milan Blagojevic, IntellSec distributes interceptions, geolocation, and digital forensics technologies, as well as bugsweeping tools. The company primarily serves as an intermediary for European and Israeli technology, with ties to the British geolocation firm Hiddentec and the US-Israeli startup D-Fend Solutions.

In February 2025, a director of IntellSec was arrested in connection with corruption charges related to the state energy company EPS. The Balkan Investigative Reporting Network (BIRN) reported that IntellSec participated in tenders in which EPS obtained sophisticated surveillance equipment and software.

Internal MISP references

UUID f3bddcbf-0f7b-46ff-aa84-f71582d244b4 which can be used as unique global reference for IntellSec in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

Intelos

Intelos, also known as Adhoc, is an Israeli firm specializing in geolocation tracking and spyware distribution through online advertising. The company has established a significant presence in Asia, particularly with its operations in Hong Kong. Founded by Eric Banoun, co-founder of Israeli spyware firm Circles, and Roy Shloman, a former partner at surveillance firm Senpai Technologies, Intelos is also partially owned by Hong Kong-based Colibri Technologies, which Banoun founded in 2017. Shloman's Senpai is best known for helping Malaysia's government spy on opposition.

Internal MISP references

UUID a57a2524-fec8-4c80-9075-971a1ca5e1e9 which can be used as unique global reference for Intelos in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.intelos.io/']

Intrado

Intrado, formerly known as West Corporation, is the company behind Beware, a surveillance tool used by police departments to analyze data from various sources, including social media. It assigns "threat levels" to residents based on their publicly available social media activity. Since it was revealed that it was being used by the Fresno Police Department in California, the ACLU has raised concerns about its accuracy, potential for misuse, and the lack of transparency around its use.

Internal MISP references

UUID 6428f404-bb7c-4e4d-9ed1-5a22fda5c642 which can be used as unique global reference for Intrado in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.intrado.com/']

IntuView

IntuView have contracts with Saudi Arabia for efforts that include scanning Saudi citizens' data. Its advisory board consists of a former head of Mossad and a former director of the CIA.

Internal MISP references

UUID 0dbdfb73-0759-4c5d-ad10-1a700feaa4e4 which can be used as unique global reference for IntuView in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.intuview.com/']

Invasys

Founded in 2017 in Brno, Czech Republic, by former Norwegian government security adviser Kyrre Sletsjoe, Invasys is a discreet developer of surveillance technologies. The company develops ways for intelligence services to bypass smartphone encryption and improve their interception capabilities. Building on Sletsjoe's previous venture, Cepia Technologies, Invasys exploits vulnerabilities in GSM communication protocols, particularly the widely used A5 encryption.

Invasys often markets its surveillance and interception products in trade shows like ISS, IPAS and IDEX.

Internal MISP references

UUID d4b2492b-a567-45a7-b04c-b62a8657c942 which can be used as unique global reference for Invasys in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.invasys.com/']

iOmniscient

iOmniscient is a developer of AI-driven surveillance technologies, offering monitoring solutions like facial recognition, behavioral analytics, and crowd management. Their technology has been deployed in over 50 countries. In Hong Kong, the company’s AI tools were suspected to be used by police to identify individuals in crowds and match faces against databases during the 2019 pro-democracy protests. iOmniscient's technology is also employed by the Saudi Customs Department at the Al Hadithah border crossing between Saudi Arabia and Jordan. Its clients also include the Chinese army.

The company's facial recognition system claims to be highly advanced, capable of identifying and matching faces against databases even in crowded and uncontrolled environments. The system can track individuals across multiple non-overlapping cameras, providing continuous monitoring of their movements. The system integrates with video management tools, such as those provided by Cisco, to alert law enforcement in realtime. The company partnered with Cisco to install its facial recognition technology at the University of San Francisco.

iQ-Prison is iOmniscient’s surveillance product for prisons.

Internal MISP references

UUID 9d877bcd-550c-49f9-81a5-3d316562b222 which can be used as unique global reference for iOmniscient in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://iomni.ai/']

iProov

iProov is a biometric technology company that develops facial recognition software. The U.S. Department of Homeland Security (DHS) and Frontex (the European Border and Coast Guard Agency) have adopted iProov's tools for use on borders. iProov's systems claim to utilize advanced AI to perform liveness detection as part of their verification process.

Internal MISP references

UUID b35c6b45-3183-4ad4-8ce2-816f4aa2d6e1 which can be used as unique global reference for iProov in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.iproov.com/']

IPS Intelligence

IPS (Intelligence Positioning Solutions) is an Italian company specializing in the development and provision of advanced communication monitoring tools and GPS tracking. IPS caters specifically to Homeland Security Departments and Intelligence Agencies, providing capabilities for intercepting, collecting, and extensively analyzing diverse data types. These include phone calls, Internet traffic, data from electronic surveillance devices, and information sourced from third-party databases.

Their operations cover a wide range of online platforms such as Facebook, Instagram, LinkedIn, YouTube, TikTok, Snapchat, Reddit, X (formerly Twitter) and GitHub. A customer in Tunisia leveraged IPS's services to conduct phishing and social engineering attacks, including IP tracking, demonstrating how the surveillance-for-hire firm provides a full spectrum of tools for invasive surveillance.

Internal MISP references

UUID 25ab634e-a20b-4b0b-8659-82119126f991 which can be used as unique global reference for IPS Intelligence in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.ips-intelligence.com/']

Ipsotek

Ipsotek, an Eviden business, provides AI-powered video analytics for law enforcement agencies. Its platform, VISuite AI, enables real-time detection of events while performing facial recognition, license plate recognition, and crowd monitoring. The patented “Tag and Track” system allows police to follow individuals or vehicles across multiple camera feeds. The company claims its products are widely adopted by police agencies worldwide.

In 2021, it was acquired by Atos, a multinational information technology (IT) service and consulting company headquartered in France.

Internal MISP references

UUID e21105d3-7536-4f1c-8910-6e35bdf26a0e which can be used as unique global reference for Ipsotek in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.ipsotek.com/']

Iristar

Iristar is a Chinese company that develops facial and iris recognition technologies, with strong ties to China's government. According to Intelligence Online, it collaborates with other major Chinese tech and surveillance firms like Huawei, Hanwang and Megvii.

Internal MISP references

UUID 21d7dc6f-b09c-415d-addf-896a3c55337b which can be used as unique global reference for Iristar in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['http://www.iristar.com.cn/']

Iskra Technologies

Iskra Technologies, formerly known as IskraUralTEL, is a Russian company that provides communication equipment, digital platforms, and automation systems that facilitate surveillance.

In 2013, Privacy International reported that IskraUralTEL had developed at least three components of SORM (System for Operative Investigative Activities), a Russian state-mandated surveillance system. Historical documentation from Iskratel in 2017 also suggests involvement in such systems.

Iskra Technologies also provides products for interception. Specifically, their Data Network Lawful Interception Solution enables the monitoring and interception of communications across various networks, including fixed, mobile, and broadband. This supports real-time data collection, processing, and delivery to law enforcement agencies.

Internal MISP references

UUID 90516582-51a4-4c0e-b70b-5460936ace79 which can be used as unique global reference for Iskra Technologies in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://en.iskra-al.ru/']

Ismallcell Biz

Ismallcell Biz in Mexico is a manufacturer, supplier, and exporter of surveillance and communication interception technologies. Based in Mexico City, the company develops and distributes products such as GSM IMSI Catchers, Active GSM Interceptors, and Small Cell devices, which are used for intercepting, tracking, and recording mobile network signals.

Internal MISP references

UUID 9c0d39ef-487a-4876-a03a-187cf2b51750 which can be used as unique global reference for Ismallcell Biz in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.ismallcellcatcher.com/']

iSolv Technologies

iSolv Technologies is a South African-based company that develops communication monitoring and interception systems. It primarily caters to law enforcement and intelligence agencies worldwide. Its products, such as the Recall Monitoring Centre (RMC), enable targeted and mass surveillance of fixed-line, mobile, and internet communications. Other products include IP Intercept, a solution for intercepting IP-based communications. The company maintains a partnership with Microsoft.

Internal MISP references

UUID 782c8828-be33-40d7-bd6d-12ff3beaf2bf which can be used as unique global reference for iSolv Technologies in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.isolvtech.com/']

Israel Aerospace Industries

Israel Aerospace Industries is a defense company based in Israel. In recent years, it has been involved in significant developments and collaborations, including surveillance deals with the United Arab Emirates through drone-development deals with Edge Group, a government-owned defense company in the UAE.

Internal MISP references

UUID 52e0240a-82af-4601-9b0c-42980c4e9a6b which can be used as unique global reference for Israel Aerospace Industries in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.iai.co.il/']

iTeco

iTeco is a Russian IT company that has developed surveillance technologies compatible with Russia's System for Operative Investigative Activities (SORM). iTeco's information analysis system, Xfiles, has been utilized by Russian security services to monitor online sources, including media outlets, blogs, forums and social networks. This system helps automate the collection and analysis of online content, allowing authorities to track and identify dissenting material.

Internal MISP references

UUID c5409054-78b6-46bb-b4a6-53b3a1a435a4 which can be used as unique global reference for iTeco in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

Jacobs

Jacobs Technology is a provider of surveillance tools, including cell-site simulators (CSS), to law enforcement and intelligence agencies. These devices, often referred to as "Stingrays," allow authorities to intercept cell phone data and track locations covertly. Jacobs, which acquired the manufacturer KeyW in 2019, has deployed over 300 such simulators globally, including in the U.S., Europe, and Australia.

Jacobs' simulators are designed for covert use, often mounted in vehicles for mobile deployment. They support cellular and Wi-Fi data collection across 2G to 5G networks and are expandable for future capabilities.

Internal MISP references

UUID 44eef66e-c836-4091-8251-cc73652e6c0d which can be used as unique global reference for Jacobs in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.jacobs.com/']

Jenoptik

Jenoptik is the German company behind TraffiCatch, a mass surveillance tool designed to capture Bluetooth and wireless signals emitted by everyday devices, including smartphones, smartwatches, earbuds, and car entertainment systems. Recently deployed at the U.S. border, this tool enables real-time tracking of individuals by associating wireless signals with vehicles identified through license plate readers.

Internal MISP references

UUID 86f06543-4790-4a0a-b116-c4083099ca31 which can be used as unique global reference for Jenoptik in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.jenoptik.com/']

Jingwang Weishi

Jingwang Weishi is a mobile application designed by Shanghai Landasoft Data Technology Inc. that is utilized for content control purposes, notably by authorities in Xinjiang, China. Residents are required to install the JingWang app, which scans devices for specific files. Cybersecurity researchers found that the app has poor security practices, transferring data without encryption and sending sensitive device information and file metadata to a remote server in China. The app scans for files using MD5 hashes and threatens users with detention for not complying.

Internal MISP references

UUID 08b5030b-8a64-4088-8b76-ab31a64ddff0 which can be used as unique global reference for Jingwang Weishi in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

Johnson Controls

Johnson Controls is a provider of video surveillance technologies. Its portfolio includes IP and analog cameras paired with intelligent DVRs and NVRs that record, analyze, and manage footage in real time. They power the facial recognition technology installed in the subway in São Paulo, Brazil. They also supply the facial recognition technology at the BEEAH Headquarters in Sharjah, United Arab Emirates, which claims to be the first fully AI-integrated building in the Middle East. They currently operate in more than 150 countries.

Internal MISP references

UUID 33b21e9d-5eca-4e8d-a0ee-831b5cd6af7b which can be used as unique global reference for Johnson Controls in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.johnsoncontrols.com/']

Jouav

Jouav is a Chinese manufacturer of aerial surveillance technologies. Its aircraft, including the CW‑15, CW‑25E, CW‑30E, and CW‑80E models, are designed with vertical take‑off and landing capabilities and can operate for up to eight hours with a range of roughly 200 km. These drones include features such as high‑resolution EO/IR cameras and LiDAR sensors for real-time surveillance and automated tracking of targets. They are typically used by Chinese authorities for border monitoring.

Its founders, Ren Bin and Wang Chen, were previously officers in the People's Liberation Army's General Armaments Department.

Internal MISP references

UUID 1fdaa719-6669-4d76-adde-220d654269e5 which can be used as unique global reference for Jouav in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.jouav.com/']

JSI Telecom

JSI Telecom is a surveillance and analytics company. It holds significant contracts with U.S. federal agencies such as U.S. Immigration and Customs Enforcement (ICE), and provides support for the agency's "Title III digital collection system," enabling the interception of wire, oral, and electronic communications, including calls, texts, and emails. Since 2014, JSI Telecom has facilitated ICE's use of Title III orders, which can be issued for a wide range of purposes. In addition to its work with ICE, JSI Telecom also holds contracts with the FBI and has been implicated in a clandestine surveillance program involving multiple police forces across Ontario, Canada.

According to its website, JSI Telecom provides services to over 30 countries worldwide. In addition to its headquarters in Canada, it has offices in the U.S, Germany, and Australia.

Internal MISP references

UUID 60dcc95c-ef03-4543-bad6-f5e8ebdb698f which can be used as unique global reference for JSI Telecom in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.jsitelecom.com/']

Kaseware

Kaseware is a Denver-based software company that facilitates surveillance activities for law enforcement and other agencies. Its co-founders helped build the FBI’s investigation management solution in the U.S. Partnered with ShadowDragon and Microsoft, Kaseware provides a centralized investigative platform that integrates diverse data sources, including open-source intelligence (OSINT) from social media, websites, and other online platforms. This platform supports activities such as behavior analysis, predictive policing, and mapping the social graph and relationships of targets.

Kaseware’s platform is used alongside ShadowDragon tools like SocialNet and OIMonitor, which allow for real-time monitoring of individuals across over 120 online platforms, including social media, dating apps, and the dark web.

Internal MISP references

UUID 82b94175-3486-447b-832e-84fed177f0e1 which can be used as unique global reference for Kaseware in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.kaseware.com/']

Kavit

Kavit Electronics Industries Ltd, based in Israel, is a developer and distributor of electronic surveillance and communication interception technologies. Their products include IMSI catchers, which are used to intercept mobile communications, track devices, and gather intelligence.

According to its official website, the company's clients include the Israeli Security Services, Brazilian Police, Mexican Army, Nigerian Air Force, United Kingdom Ministry of Defense, US Police, Spanish Police, Italian Air Force, Royal Thai Army, and South Korean Military.

Internal MISP references

UUID 018a9616-9b7f-4252-81d9-d35dc3f8ae7c which can be used as unique global reference for Kavit in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://kavit.com/']

Kedacom

Kedacom is a company headquartered in Suzhou, Jiangsu, China and which specializes in surveillance and video technology. It has been actively involved in policing services through its advanced surveillance systems. Kedacom's technology is prominently used by the Dubai Police Department, where it has introduced a solution that combines mobile technology with artificial intelligence. This includes high-performance front-end cameras, artificial intelligence systems, and various devices such as body-worn cameras, 4G PTZ cameras, in-vehicle NVRs, and control pads. These components are integrated with a video surveillance platform to enable real-time video and audio acquisition, storage, and review.

The technology works by utilizing facial and vehicle recognition capabilities, allowing for real-time video transmission to police command centers. The system also supports deep learning algorithms and big data analysis.

Kedacom also offers the Falcon Human Recognition System, supporting up to 500,000 cameras and a face/human detection comparison library of up to 10 million entries, according to the company's official website. It boasts a face recognition accuracy of up to 98% and supports various camera types, including Kedacom's own and third-party IP cameras.

Internal MISP references

UUID 270dec74-fc23-4f88-9685-bf671b74a388 which can be used as unique global reference for Kedacom in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.kedacom.com/en']

Key Technologies

Key Technologies, a company operating in the UAE and Greece, develops border surveillance and interception technologies. Founded in 2019 by Ferit Bonfil, a former expert in interception countermeasures, the company has gained support from Abu Dhabi Catalyst Partners (ADCP), a joint venture between Mubadala Investment Company, a UAE-based sovereign wealth fund, and Falcon Edge Capital, a New York-based alternative asset manager which has rebranded itself as Alpha Wave Global.

According to Intelligence Online, Key Technologies showcased its Theia border monitoring system at a Milipol security trade fair in Paris in 2021. Theia features advanced capabilities, including a German-engineered SX800 optically stabilized lens, night vision with infrared laser illumination, geolocation, and telemetry tools. Notably, the system avoids restrictions under the US ITAR regulations and can be remotely controlled via 4G/5G networks or IP Mesh radio technology from Domo Tactical Communications (DTC).

Internal MISP references

UUID 110c5913-6ca5-4f3e-9e7f-ce40c7089c9b which can be used as unique global reference for Key Technologies in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://keytechnologies.ae/']

Kickboard

Kickboard, a company acquired by PowerSchool, gathers data on students' behavior and social-emotional skills. This platform allows schools to track and analyze behavioral trends, disciplinary actions, and emotional development. As part of PowerSchool's suite of tools, Kickboard integrates this data with broader analytics, such as predictive risk scoring, detailed student profiles and other forms of student monitoring.

Internal MISP references

UUID 697f3283-7284-4cd1-af37-a380854c05db which can be used as unique global reference for Kickboard in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://kickboardforschools.com/']

Killer Mobile

Killer Mobile is a Las Vegas-based company that develops spyware tools marketed for both consumer and government use. Its products include Tracer, a call recording and tracking app, and FoxPhone, a tool designed for covert surveillance.

According to a Forbes investigation, Killer Mobile's cellphone surveillance tools were redistributed by Moscow-based tech dealer OpenGSM, which caters to both government agencies and everyday consumers.

Internal MISP references

UUID fdc85cf8-2e49-46dd-a9db-c5f2f24aa0c7 which can be used as unique global reference for Killer Mobile in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://killermobile.com/']

Knightscope

Knightscope is a developer of Autonomous Security Robots (ASRs) that are equipped with facial recognition capabilities, Automatic License Plate Recognition (ALPR), and smartphone signal detection. The company claims their robots provide 360-degree high-definition surveillance, capturing continuous video footage that can be analyzed with AI.

Internal MISP references

UUID f097222a-518f-4f5f-a5a6-9188b7899125 which can be used as unique global reference for Knightscope in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://knightscope.com/']

Kommlabs

Kommlabs is a company in India that provides a range of products including mass interception systems, GSM geolocation finders, data mining and analytics platforms. Its products include VerbaTRACK, which enables the real-time tracking of any mobile device that is switched on and the ability to monitor its location 24/7. It also includes VerbaPROBE, which enables intelligence agencies to gather information from a vast amount of data using analytical tools like multi-lingual OCR, free text search, speaker and language identification and advanced data mining techniques. Another product, VerbaCENTRE, is a monitoring centre solution that enables law enforcement agencies to intercept, monitor and analyze a target's voice, SMS, location and internet communications. It also offers ReveaLINX as a product, which is an interactive visual analytical tool that finds invisible relationships and exposes networks across millions of records from multiple databases, such as social associations of a target, the time and locations of all their whereabouts, and related information from cell tower dumps. The company claims to have offices in Asia, the Middle East and Africa.

Internal MISP references

UUID 12bdac38-187c-4d71-be07-cd2c734c4fa5 which can be used as unique global reference for Kommlabs in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.kommlabs.com/']

Korporacja Wschód

Korporacja Wschód is a Polish company that provides surveillance technologies, optoelectronic systems, forensic equipment, and identity verification tools. Its products are primarily used by law enforcement and border management agencies.

Korporacja Wschód and Optix have partnered to supply Mobile Surveillance Systems (MSSs) to Frontex, the European Border and Coast Guard Agency.

Internal MISP references

UUID ba2c7cc2-7edd-4629-9c2d-75d8d2d278e8 which can be used as unique global reference for Korporacja Wschód in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://korporacjawschod.pl/', 'https://korporacjawschod.pl/en/']

KoSpy

KoSpy is a malicious spyware attributed to the North Korean state-sponsored hacking group APT37 (also known as Reaper). This sophisticated malware was found on the Google Play Store, embedded in seemingly legitimate Android apps. KoSpy is designed to covertly collect sensitive user data, including including SMS text messages, call logs, the device’s location data, files and folders on the device, user-entered keystrokes, Wi-Fi network details, and a list of installed apps, while operating undetected. KoSpy can also record audio, take pictures with the phone’s cameras, and capture screenshots of the screen in use.

Internal MISP references

UUID 65230824-5a56-4705-8f54-bf41d28297a6 which can be used as unique global reference for KoSpy in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

Krikel

Krikel is a preferred supplier of surveillance and spyware tools to the Greek law enforcement and security authorities. It supplied Cytrox's Predator spyware to Greece. It is also the Greek representative of RCS Lab, an Italian company selling surveillance software.

Internal MISP references

UUID d5a4900d-1b0d-431a-b259-6de3dc8b3a8c which can be used as unique global reference for Krikel in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

L3Harris

L3Harris is a US defense contractor company. Formed through the merger of L3 Technologies and Harris Corporation in 2019, L3Harris is known for its products in communication systems, avionics, space and airborne systems, and defense electronics. The company’s communication and surveillance products are used by law enforcement agencies for monitoring and intelligence operations. L3Harris is also a producer of surveillance tools like Stingray cell-site simulators. These devices mimic cell towers to intercept mobile phone signals, enabling the collection of sensitive data such as call metadata, location information, and, with additional software, even the content of communications.

L3Harris was in talks to buy ownership of Pegasus software. As of February 2024, the company was in "mature talks" to set up a regional HQ in Saudi Arabia.

Internal MISP references

UUID 96cd0883-0891-4f11-8a1d-86147398a243 which can be used as unique global reference for L3Harris in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.l3harris.com/']

Landasoft

Landasoft is a Shanghai-based private defense company and technology firm that contributes to China's mass surveillance infrastructure, particularly in the Xinjiang province. An Associated Press investigation revealed that the firm, which was a former partner of IBM, replicated IBM's i2 police analytics and launched its own platform to power the Integrated Joint Operations Platform (IJOP) in Xinjiang.

Landasoft deployed software that scraped data from millions of cameras, police outposts, and personal records to build risk dossiers. The system categorized individuals using tags like "studied abroad" or "went on pilgrimage," computed risk scores, and enabled automatic “Push Alerts” to trigger detentions based on flawed predictions, often without human oversight. In one week in 2017 alone, IJOP flagged 24,412 people as "suspicious," leading to widespread detentions, with Uyghurs as a primary target.

Internal MISP references

UUID 77c10bc1-62b1-4555-90f4-149be621fdba which can be used as unique global reference for Landasoft in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

LensLock

LensLock is a law enforcement technology company that distributes surveillance products, such as high-resolution surveillance cameras integrated with cloud infrastructure and AI-powered visual and audio identification systems. LensLock has partnered with PlateSmart to offer Automated License Plate Recognition (ALPR) technology for use by police agencies.

Internal MISP references

UUID 57a8e7f5-87dd-4523-b79b-2f914a844b52 which can be used as unique global reference for LensLock in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.lenslock.com/']

Leo Impact

Leo Impact is an Indian cyber intelligence firm based in Rajasthan, developing both defensive and offensive cybersecurity technologies. Leo Impact has also been linked to controversial surveillance activities. Its now-defunct website, "SpyPhoneWorld.com," openly marketed surveillance software capable of remotely monitoring phones, targeting use cases like tracking partners or employees.

Internal MISP references

UUID 021b5682-18a2-47ff-8e18-9e405bf37bb3 which can be used as unique global reference for Leo Impact in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://leoimpact.webflow.io/']

Leon Technology

Leon Technology Company Limited (Leon Technology) is one of the key companies that helped the PRC build the Integrated Joint Operations Platform, a surveillance system in Xinjiang. Leon Technology has multiple surveillance project contracts with the PRC, particularly in parts of the country with sizeable ethnic minority populations.

Internal MISP references

UUID d7d39b15-a560-46be-a889-ec3f354e556a which can be used as unique global reference for Leon Technology in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.leon.top/']

Leonardo

Leonardo S.p.A. is an Italian defense company that provides various surveillance technologies across multiple domains, including air, land, sea, and space, primarily for military and government operations. Its portfolio includes mobile surveillance systems, which combine radar sensors, optronics, and command-and-control facilities for real-time monitoring. Their electro-optical and infrared systems enable tracking of medium- to long-range targets. It's also a developer of airborne mission management systems, such as ATOS, which integrates multiple sensors for surveillance purposes.

Internal MISP references

UUID 03c99eef-6c9f-4ca2-a82a-e3a0e42cf226 which can be used as unique global reference for Leonardo in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.leonardo.com/en/home', 'https://www.leonardo.com/it/home', 'https://www.leonardo.com/']

LexisNexis

LexisNexis' Accurint product collects a wide range of data from both public and non-public sources and offers them for sale primarily to government agencies and law enforcement. The platform compiles billions of records from sources such as government databases, utility bills, phone records, license plate tracking and medical records. It also integrates analytics tools like link analysis, detailed location mapping, and pattern recognition.

Accurint is widely used by agencies such as U.S. Immigration and Customs Enforcement (ICE) and Customs and Border Protection (CBP) for surveillance purposes, including tracking individuals and conducting deportation raids.

LexisNexis also integrates facial recognition technology into its monitoring tools, enabling law enforcement and government agencies to identify individuals and analyze images as part of their surveillance and data-gathering efforts.

LexisNexis is a wholly owned subsidiary of RELX PLC, a global information and analytics company headquartered in London.

Internal MISP references

UUID 57e8c62f-0fb8-43a9-a77d-f5dfdab1b9b1 which can be used as unique global reference for LexisNexis in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.accurint.com/', 'https://www.lexisnexis.com/']

LianSpy

LianSpy disguises itself as system applications or financial services like the Alipay digital payments app. When the spyware operates as a system app, it automatically gains the necessary permissions for further exploitation, requesting access to screen overlay, notifications, background activity, contacts, and call logs. Once activated, LianSpy hides its icon from the home screen and runs silently in the background with administrator privileges. It discreetly monitors user activity by intercepting call logs, sending a list of installed applications to the attackers' server, and recording the smartphone's screen, particularly during messaging activities. According to researchers, LianSpy is a post-exploitation malware, indicating that the attackers either exploited an unknown vulnerability in Android devices or gained physical access to the victims' smartphones to modify the firmware.

Internal MISP references

UUID 281ee57b-f79e-41ab-8a11-c8995ff22971 which can be used as unique global reference for LianSpy in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

LifeRaft

LifeRaft is a social media intelligence company that provides tools for monitoring and analyzing online activity. Its platform is designed to scan large volumes of public social media posts, identify potential risks, and provide related intelligence. LifeRaft's technology has been tested by organizations like the Fresno Police Department in California, USA for social media surveillance purposes.

Internal MISP references

UUID fdbe1787-389c-4809-b891-6f3e7429d07b which can be used as unique global reference for LifeRaft in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://liferaftlabs.com/']

Lightspeed

Lightspeed Systems develops tools designed to monitor and manage student activity on school-issued devices. Its software provides features like real-time screen monitoring, web filtering, and AI-powered alerts to identify "inappropriate behavior." The software can track students' online activities both during and outside school hours, often without their explicit awareness. The company claims to be used on 15 million student devices globally, and by 28,000 schools worldwide.

Internal MISP references

UUID f71c8a6d-997a-485a-89a7-8456d8d3e78c which can be used as unique global reference for Lightspeed in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.lightspeedsystems.com/']

Linchpin Labs

Linchpin Labs is a software development and cybersecurity firm with a history of working with government clients, reportedly selling zero-day exploits and other tools to intelligence agencies, including those within the Five Eyes alliance. It frequently collaborates with its partner company, Azimuth Security, to provide such hacking capabilities to government entities. In 2018, it was acquired by U.S. defense contractor L3Harris.

Internal MISP references

UUID 77380c86-fa41-4ed3-931e-3533d6cfaced which can be used as unique global reference for Linchpin Labs in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['http://www.linchpinlabs.com/']

Logic Industries

Logic Industries is an affiliate of AGT International (Asia Global Technologies), which partners closely with the government of the United Arab Emirates to provide a wide range of mass surveillance equipment.

Internal MISP references

UUID d18a9f0e-6321-4dba-b7ae-3c70b6e95ff9 which can be used as unique global reference for Logic Industries in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

Logically

Logically, a UK-based artificial intelligence company, has been involved in government contracts for monitoring and analyzing social media content. The company has received over £1.2 million in funding from the UK government to identify and flag specific content online it deems to be misinformation or disinformation. Using AI, Logically processes data from hundreds of thousands of media sources and public posts on major social media platforms.

Logically's tools were initially tested during elections in India and later expanded to support other government efforts. In the United States, the Washington Secretary of State extended a contract with Logically to monitor social media posts concerning elections. The Wall Street Journal reported in 2021 that the Department of Homeland Security (DHS) had engaged in at least preliminary discussions with Logically.

Internal MISP references

UUID 5b92d563-85bc-408e-bd95-ffdf5d42f4fc which can be used as unique global reference for Logically in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://logically.ai/']

LongHope

LongHope, a Chinese company, sells Wi-Fi hacking tools to law enforcement. LongHope's Wi-Fi WLAN Data Interception System (WWDIS) can snoop on Wi-Fi users, drop spyware, exploit mobile application vulnerabilities, and carry out man-in-the-middle attacks. LongHope also engages in HTTP injection by inserting iFrame code into websites, creating security vulnerabilities susceptible to Trojan dropping.

Internal MISP references

UUID da8189f3-1c87-4c64-ad0e-76694c50f084 which can be used as unique global reference for LongHope in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

Macchina Security

Macchina Security is a Belgrade-based firm that imports Chinese technology into Serbia and has been awarded contracts to supply public video surveillance and traffic monitoring systems to numerous municipalities.

A 2023 investigation revealed that approximately one-third of local governments in Serbia utilize surveillance systems acquired from Chinese manufacturers like Dahua and Hikvision through Macchina Security.

Internal MISP references

UUID f90712e4-6592-472c-9b55-00c7c354bf8c which can be used as unique global reference for Macchina Security in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.macchina.rs/']

Madeye AI

Madeye AI is an Israeli company that develops biometric and artificial intelligence solutions. The firm has gained attention for its role in implementing surveillance hardware at West Bank checkpoints, where Palestinians must undergo biometric monitoring when entering or exiting the region. The technology, which includes precision facial recognition along with fingerprint, retina, and palm scanning capabilities, was installed to enhance Israel's occupation and control over the Palestinian population.

Despite its young age and limited public information, Madeye has secured contracts with major Israeli entities, including the Israel Defense Forces and the Israel National Cyber Directorate.

Internal MISP references

UUID a32bbbaf-9847-400c-9aaa-4a814b7f3049 which can be used as unique global reference for Madeye AI in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://madeye.ai/']

Magal Security Systems

An Israeli company specializing in high-tech security systems for fences and walls. Its systems are installed in the West Bank and Gaza walls. Now known as Senstar Technologies Corp.

Internal MISP references

UUID 24773e0d-4f3d-4de6-9a7c-70ed0b677e64 which can be used as unique global reference for Magal Security Systems in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://senstar.com/']

Malvin Systems

Malvin Systems is a Russian company that develops SORM-compatible systems for surveillance purposes. SORM (System for Operative Investigative Activities) is an interception system used by Russian authorities to monitor telecommunications. Malvin Systems provides equipment that integrates with telecommunications infrastructure in order to collect and analyze data.

Nokia provided telecommunications equipment and services to connect SORM to Russia's largest telecom networks, such as MTS, while Malvin Systems manufactured the SORM-compatible hardware used by the Russian intelligence agency, the FSB. Nokia announced in March 2022 that it would stop its sales and operations in Russia following the invasion of Ukraine. However, the company left behind equipment and software that connected Russia's SORM surveillance system to major telecommunications networks.

Internal MISP references

UUID 4c4bcf4e-ddb4-4c41-b4a2-7874b74a3521 which can be used as unique global reference for Malvin Systems in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

Mantra Softech

Mantra Softech India Pvt Ltd, founded in 2006 by Hiren and Bhavyen Bhandari, is an Indian company that develops and distributes biometric and identity management technologies. Headquartered in Ahmedabad, the company has developed a range of biometric devices, including fingerprint scanners, iris sensors, AI-driven video processors for monitoring purposes, and "mood pattern" or facial emotion detection embedded in its facial recognition technology. Mantra also played a big role in the development and implementation of India's Aadhaar program, the world's largest biometric-based digital identity system.

Internal MISP references

UUID a0f2a737-31e7-4ac2-bc54-47fdfc9f9813 which can be used as unique global reference for Mantra Softech in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.mantratec.com/']

MASL

MASL (Millennium Automation Systems Limited, and formerly known as MAPL World) is a technology company that provides surveillance and smart city products. For the Delhi Police, MASL implemented a citywide surveillance system that uses Facial Recognition Systems (FRS) and Automatic License Plate Recognition (ALPR). The system is integrated with video analytics and a centralized command center designed for policing efforts.

Internal MISP references

UUID 2c1f3c0b-9ed2-4158-9cff-4878dcf3649d which can be used as unique global reference for MASL in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://maslworld.com/']

Massive Blue

Massive Blue, a New York-based company, has developed a surveillance tool called Overwatch, marketed as an "AI-powered force multiplier for public safety." This technology deploys AI-generated virtual personas designed to infiltrate online spaces. Its stated use cases include monitoring "college protesters," "radicalized" activists, among others. The AI bots can engage in conversations, join groups, and monitor discussions to gather intelligence on specific targets or communities. The bots are also programmed to mimic human behavior, making them difficult to distinguish from real users.

Police departments, particularly near the U.S.-Mexico border, have invested heavily in this tool.

Internal MISP references

UUID 93a66e70-7a0c-46cd-84c4-3342499db32a which can be used as unique global reference for Massive Blue in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.massiveblue.io/', 'https://www.massiveblue.io/overwatch']

Max

Max is a state-backed messaging application developed by a subsidiary of VK, a Russian social network with ties to powerful Kremlin figures. The app represents Russia's effort to create a homegrown alternative to foreign messaging platforms like WhatsApp. According to security experts, Max is designed with surveillance capabilities in mind, it would share private user data with authorities and aims to enable extensive surveillance through centralized data collection and monitoring. The Russian government will require the Max messenger app to be pre-installed on all smartphones and tablets sold in the country.

Internal MISP references

UUID 65c49172-4a73-460b-80c5-e796e1e73f6c which can be used as unique global reference for Max in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://max.ru/']

MCM Solutions

MCM Solutions, a U.K.-based surveillance technology company, manufactures the controversial Detego digital forensics system that enables authorities to extract and analyze data from multiple devices simultaneously. While the company claims to develop tools "for good" to address security challenges, their technology has raised privacy concerns, particularly in Ghana where they conducted advanced training for specialist units and supplied surveillance equipment to immigration services through British Immigration Enforcement, despite acknowledging they "cannot always control how a customer uses the software," according to a Committee to Protect Journalists (CPJ) investigation.

Internal MISP references

UUID 84ee24fc-b232-4492-a22a-c79dbb6416b0 which can be used as unique global reference for MCM Solutions in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

Media Sonar

Media Sonar specializes in providing advanced social media monitoring and analysis. Their platform helps law enforcement agencies to monitor social media and other online sources to gather intelligence. In 2016, the ACLU of California worked with local activists in Fresno, California to reveal that its police department was using a Media Sonar social media surveillance tool that boasted the capacity to identify so-called “threats to public safety” by monitoring hashtags such as #BlackLivesMatter, #DontShoot, #ImUnarmed, #PoliceBrutality, and #ItsTimeforChange.

Internal MISP references

UUID a45b628a-9e7b-413d-b682-01b39ac75093 which can be used as unique global reference for Media Sonar in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

Medialogia

Medialogia is a Russian technology company that develops tools for online and social media monitoring. It has developed systems such as the "Blog Monitoring System" and "Prisma," which are utilized by Russian authorities to track and analyze online content, including blogs and social networks. In April 2025, the National Media Group (NMG) announced plans to acquire Medialogia.

Internal MISP references

UUID a321d885-67c9-4a0f-9cb8-a947c96ee600 which can be used as unique global reference for Medialogia in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.mlg.ru/']

Megvii

Megvii, also known as Face++, is a leading facial recognition company in China. Its technology has been linked to the mass surveillance and arbitrary detention of Uyghurs in East Turkistan (renamed Xinjiang by China). Megvii has exported its facial recognition software to other countries, including Thailand and Pakistan.

In compliance with Chinese regulations, Megvii is used to authenticate user identities on social platforms. Megvii's proprietary deep learning algorithm, called Brain++, continuously improves the system's accuracy and performance.

Megvii's technology is also used to power China's Skynet system, which monitors public spaces with hundreds of millions of cameras.

Internal MISP references

UUID 1daa4a80-1d79-417c-bf51-4ae837f9cbf2 which can be used as unique global reference for Megvii in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.megvii.com', 'https://en.megvii.com/']

Meiya Pico

Xiamen Meiya Pico Information Co., Ltd. (aka Meiya Pico) provides surveillance technologies for use by the Chinese authorities. Meiya Pico has developed a mobile application designed to track image and audio files, location data, and messages on ordinary citizens’ cellphones. The company has also collaborated with other entities to develop a transcription and translation tool for the Uyghur language to enable authorities to scan electronic devices for criminal content. In 2018, residents of East Turkistan (renamed Xinjiang by China) were required to download a desktop version of Meiya Pico’s surveillance software so authorities could monitor for "illicit activity". Its monitoring mobile app is called MFSocket. They recently changed their corporate name to SDIC Intelligence Xiamen.

Internal MISP references

UUID 0d0471fd-d02a-43c4-911d-e8f555593182 which can be used as unique global reference for Meiya Pico in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.meiyapico.com/']

Meltwater

Meltwater is a Norwegian media intelligence platform that provides tools for monitoring and analyzing social media, news, blogs, and other online content. It is now headquartered in San Francisco, California. Meltwater's capabilities include real-time social media monitoring, keyword tracking, and sentiment analysis.

Meltwater has also been used by law enforcement agencies for surveillance purposes. Police departments have reportedly utilized the platform to monitor social media activity related to protests and against specific targets and communities.

The company has secured contracts with Canadian federal agencies for media monitoring services. In 2015, the UK government contracted Meltwater, among other firms, to monitor public social media activity. In 2021, Singapore's Ministry of Communications and Information appointed Meltwater, to provide media monitoring and online analytics services for all government agencies. Meltwater also operates multiple offices in India, including locations in Delhi and Bengaluru.

Internal MISP references

UUID dd7076e8-5f63-42fb-8c96-09efc17ba28b which can be used as unique global reference for Meltwater in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.meltwater.com/']

Memento Labs

Memento Labs is a company that acquired the infamous spyware vendor Hacking Team, which sold its advanced surveillance technology, called Remote Control System (RCS), to governments and dictatorships worldwide. When researchers began to uncover information about Hacking Team’s operations, the primary targets were human rights activists and journalists. Hacking Team's former chairman, Paolo Lezzi, became the owner of Memento Labs and its parent company, InTheCyber. Memento Labs develops various snooping products, such as KRAIT, a surveillance tool that can silently infect any Android device without the target’s knowledge. It uses a "trusted implant" to appear as a legitimate source, making it easy to trick users into installing it. Once installed, KRAIT can steal passwords, monitor the device's location, microphone, camera, calls, and messages, all while hiding its activity through trusted online services. Another product, RCS X, is the latest version of a powerful spyware that has been used against journalists and human rights activists since 2012. It can infect almost any device, including macOS, Linux, Android, iOS, and BlackBerry, using security vulnerabilities. Once installed, RCS X allows hackers to control microphones, cameras, and take screenshots, while managing all infections from a single console.

At a monitoring conference in Dubai, Memento Labs introduced two new tools: MoniTOR and PrevenTer. PrevenTer is designed for speech recognition and transcribing call recordings. MoniTOR is aimed at helping law enforcement track activities by attempting to exploit any technical vulnerabilities to bypass anonymization methods used by the Tor network. However, these tools were not developed by the company itself, it was developed via a research collaboration with the University of Applied Sciences and Arts of Southern Switzerland (SUPSI) and funded by the Swiss Agency for Innovation Promotion, Innosuisse. SUPSI and Memento Labs' parent company, In The Cyber, have contractual agreements to jointly develop software products.

Internal MISP references

UUID a9534607-1a10-4038-9807-439bf2d35686 which can be used as unique global reference for Memento Labs in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

MER Group

MER Group develops and sells a range of surveillance and cyber intelligence solutions, including tools for intercepting communications, extracting data from devices, and monitoring online activities. One of the company’s flagship surveillance projects is the ‘Mabat 2000’ project in the Old City in occupied East Jerusalem. The project includes an array of about 400 CCTV cameras deployed throughout the Old City and linked to a police Command and Control center that monitors residents’ movements 24/7. In addition, the company’s surveillance cameras have been installed at the Beit Iba checkpoint, the Sha’ar Ephraim checkpoint and at the Anatot army base in the occupied West Bank.

Internal MISP references

UUID d26eca8b-851f-408f-bf4f-f5826a6f3328 which can be used as unique global reference for MER Group in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://mer-group.com/']

MFI Soft

A subsidiary of Citadel, MFI Soft is notable for its development of NetBeholder, a powerful surveillance tool that allows for detailed tracking and analysis of telecom subscriber data. This technology is employed to monitor communications and movements of individuals. It supplies solutions for tracking user traffic to the countries of the former Soviet Union, and through the Canadian company ALOE Systems (formerly MERA Systems) and used in Canada, the USA, Mexico, Argentina, Brazil, Costa Rica, El Salvador, Peru, and Uruguay.

Internal MISP references

UUID 15f51075-2fa4-4c2d-b857-bc090615476f which can be used as unique global reference for MFI Soft in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

Mühlbauer

Mühlbauer, a German technology company, became Uganda's first biometric ID system provider in 2010 following a meeting between President Museveni and the German ambassador. The $80 million contract was controversial as it bypassed normal government procurement rules by avoiding a competitive bidding process. The company played a significant role in expanding Uganda's biometric identity coverage, registering approximately 5 million citizens in just 6 weeks. Their system provided ID cards and digital identities to Ugandan citizens.

While Mühlbauer's technology was ostensibly implemented for legitimate identification purposes, extensive documentation and interviews gathered by Bloomberg and nonprofit investigative newsroom Lighthouse Reports reveal it has evolved into a sophisticated surveillance tool used to monitor politicians, journalists, human rights advocates, and ordinary citizens in Uganda.

Internal MISP references

UUID 7ad88c39-a78a-4e6a-b6d4-9aa9c89c6057 which can be used as unique global reference for Mühlbauer in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.muehlbauer.de/']

Mindbox

Mindbox Analytics India Pvt Ltd provides Automatic Number Plate Recognition (ANPR) systems using AI technology to capture license plates. The company also offers the Mindbox Fast-Mind Facial Recognition System (FRS), an AI-powered tool designed for rapid and contactless identity verification.

Internal MISP references

UUID f2e7fb8f-0220-4a63-abc8-4721def32ff6 which can be used as unique global reference for Mindbox in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://mindbox.ai/']

Mobilewalla

Mobilewalla is a data broker and consumer intelligence platform that aggregates and analyzes large amounts of consumer data. It was founded in Singapore and later moved its headquarters to Atlanta, Georgia, U.S.

Mobilewalla collected over 500 million unique consumer advertising identifiers paired with precise location data, often without consumer knowledge or consent. This data revealed sensitive information, such as visits to healthcare facilities, religious institutions, and political events. Mobilewalla also tracked residents of domestic abuse shelters and purposefully tracked protesters in 2020.

In addition, Mobilewalla admitted that it supplied data used by the U.S Department of Homeland Security, the U.S Internal Revenue Service (IRS), and the U.S. military for warrantless device tracking domestically and internationally.

The Federal Trade Commission (FTC) stated that Mobilewalla failed to anonymize this data. In response to these practices, the FTC finalized an order in 2025 banning Mobilewalla from selling sensitive location data and collecting consumer data.

Internal MISP references

UUID 2b357d0f-66c2-4092-9772-5f9c773a286f which can be used as unique global reference for Mobilewalla in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.mobilewalla.com/']

Mobineers

Mobineers, also known as Mobineers Info Systems, is an Indian technology company that develops smart-policing software. One of its tools is the E-Beat Book, a mobile application designed for foot-patrol officers, and which incorporates facial recognition technology to enable law enforcement to rapidly identify individuals by matching their facial data against existing databases.

Internal MISP references

UUID 076f7038-96cb-46a3-86d7-fc2053115395 which can be used as unique global reference for Mobineers in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.mobineers.com/']

Mollitiam Industries

Mollitiam Industries is a Spanish cybersecurity and surveillance company that develops intelligence and monitoring solutions. The company provides various tools with intelligence gathering and surveillance capabilities for both government and private sector clients. Those who have bought its surveillance products include the Colombian armed forces, which have used them to illegally spy on supreme court judges, politicians, journalists, and journalists’ sources. Colombian targets have included Alejandro Santos, the editor of the news magazine Semana, and some of his reporters after they published articles about crimes committed by the members of the military. In 2019 alone, Colombia’s military reportedly spent $800,000 on spyware from Mollitiam Industries.

Internal MISP references

UUID 1c27e5bc-c309-4fc7-a5cd-e556f995219f which can be used as unique global reference for Mollitiam Industries in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.mollitiamindustries.com/']

Movia

Movia S.p.A., an Italian cyber intelligence company, develops spyware tools, such as "Spyder," which is used for telecommunication, environmental, and telematic interceptions. The company collaborates with Italian prosecution offices and law enforcement agencies, providing end-to-end monitoring solutions.

Movia showcased its Spyder spyware at ISS World in Dubai in 2023, an intelligence trade show which it also sponsored.

Internal MISP references

UUID 83d3b03d-da9f-40d6-a242-8399ec5a44fd which can be used as unique global reference for Movia in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://movia.biz/']

Mozenda

Mozenda is identified as one of the big data analysis tools that Serbian law enforcement and intelligence agencies have been using for surveillance purposes.

Internal MISP references

UUID 25b1e1bf-1459-4f82-89c5-526964006e91 which can be used as unique global reference for Mozenda in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.mozenda.com/']

MSAB

MSAB is a Swedish forensic technology company. Its software, XRY, which can decrypt passwords and recover deleted data, was reportedly used by Hong Kong police in 2020 to access pro-democracy activist Joshua Wong's phone in under an hour. Leaked documents in 2021 showed that Myanmar's military junta used MSAB's technology to extract data from phones, including deleted content. In the U.S, the San Diego Police Department employs MSAB's XRY software to extract data from mobile devices in investigations. It's also used by the FBI and U.S. Customs and Border Protection (CPB), among other government agencies.

MSAB developed tools for CPB to gather information from vehicles at border crossings by extracting data from car infotainment systems. These systems store a wealth of information, including call logs, text messages, GPS locations, and paired device data.

Its reseller in Hong Kong is S-Tech, which also sells surveillance tools from Oxygen Forensics and BlackBag (acquired by Cellebrite in 2020.)

Internal MISP references

UUID bcea712d-a093-4eb7-8bf9-6d8160bf1836 which can be used as unique global reference for MSAB in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.msab.com/']

Mulk International

Mulk International is a UAE-based multinational conglomerate that is spearheading the development of the Zim Cyber City, a $500 million high-tech park in Zimbabwe. This project is part of Zimbabwe's broader "smart city" initiative, which aims to integrate advanced surveillance systems. The Cyber City will feature 24/7 surveillance technology, including facial recognition systems, directly connected to local law enforcement.

Internal MISP references

UUID 22ec75b5-7d46-4d44-a400-f43dd885b86e which can be used as unique global reference for Mulk International in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://mulkinternational.com/']

Narus

Narus, a subsidiary of Boeing, has sold its NarusInsight technology, used for mass surveillance of internet traffic, to several countries with known human rights violations, including Saudi Arabia and Egypt. Capabilities include Deep Packet Inspection equipment (DPI), a content-filtering technology that allows network managers to inspect, track and target content from users of the Internet and mobile phones, as it passes through routers on the information superhighway. Narus was was founded in 1997 by Israeli "security experts" to create and sell mass surveillance systems for governments and large corporate clients.

Internal MISP references

UUID 9d7d80d2-99c7-4eda-8567-54c1be941d84 which can be used as unique global reference for Narus in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

Naung Yoe Technologies

Naung Yoe Technologies Co., Ltd. is a Yangon-based company that distributes surveillance products, system integration, and equipment provision. Since the 2021 military coup, Naung Yoe Technologies has been involved in the procurement and installation of surveillance technologies across Myanmar. The company has been awarded tenders to install Chinese-made CCTV cameras equipped with facial recognition capabilities in several cities, including Naypyidaw. These projects are part of the junta's "safe city" initiatives.

The surveillance systems supplied by Naung Yoe Technologies are sourced from Chinese manufacturers such as Zhejiang Dahua Technology, Huawei Technologies Co. Ltd., and Hikvision.

A source close to the company disclosed that Naung Yoe Technologies employed former generals, which may have influenced its success in securing government contracts, including the installation of CCTV networks and command-and-control centers in Naypyidaw. In March 2023, the company was added to the U.S. Department of Commerce's Entity List, which restricts access to U.S.-origin items, software, and technology.

Internal MISP references

UUID 2dd904c9-5ada-4b4e-b073-d1a93832903e which can be used as unique global reference for Naung Yoe Technologies in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

Near

Data intelligence company Near was originally founded in Singapore in 2012 and later relocated to Pasadena, California. In 2021, data broker Near claimed to have location data on 1.6 billion people, which raised additional concerns when the company filed for bankruptcy in 2022. The data's potential sale to another company, including sensitive information from locations like abortion clinics, alarmed many human rights and privacy advocates. Near's privacy policy states that all collected data can be conveyed to prospective new owners, should the business be sold. Near sold data to the U.S government and claimed otherwise on its website, with no privacy safeguards in place until 2022. The sale of location data without informed consent continued until at least October 2023.

Internal MISP references

UUID 13f1dafd-f3a9-4ad7-bbeb-b5ebf61424e9 which can be used as unique global reference for Near in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://near.com/']

NEC Corporation

NEC Corporation is a Japanese multinational company specializing in IT services and electronics, with a significant focus on biometric surveillance technologies. Their products include NeoFace, a facial recognition system used for law enforcement and immigration purposes, and which is powered by AI for advanced image matching and identity verification. NEC has numerous partnerships with foreign governments to provide these surveillance technologies. Its "Safer Cities" platform integrates large-scale databases combining biometric data, national identification systems, and surveillance from citywide cameras and drones, fully equipped with behavioral analytics. The system is designed to monitor urban environments in real-time, using advanced AI to analyze patterns of human activity, providing law enforcement with powerful tools for ongoing mass surveillance.

Internal MISP references

UUID e280869f-01cc-4e57-9dc5-319b924d69b5 which can be used as unique global reference for NEC Corporation in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.nec.com/']

Negg Group

Negg Group, an Italian cybersecurity firm, was first revealed in 2017 by Kaspersky as the developer of the “VBiss” and “Skygofree” Android malware, which can infect mobile devices through one-click exploit chains or by drive-by downloads. Google discovered targets in Italy, Malaysia, and Kazakhstan.

Negg established a presence in the United Arab Emirates by joining a consortium for the Aion Sentia project in Abu Dhabi, which aims to develop an AI-powered city.

Internal MISP references

UUID 9b87f807-b35b-454a-8f4b-5af1a60bab39 which can be used as unique global reference for Negg Group in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://negg.group/']

NeoBit

NeoBit, a Russian company headquartered in St. Petersburg, is involved in surveillance and cyber operations on behalf of the Russian government. The company is behind the development of Vepr, a system designed to monitor and predict "information tension points" on the internet. This project, commissioned by Roskomnadzor (Russia's internet censorship agency), aims to analyze online content, including tone, aggression, and repost metrics, to identify perceived threats such as criticism of authorities, "LGBT propaganda," and other topics deemed undesirable by the state. Vepr is part of a broader initiative, the Clean Internet project, which seeks to surveil 100% of Russia's online activity using advanced neural networks and bot farms capable of infiltrating closed social media groups.

NeoBit has reportedly collaborated with Huawei, the Chinese tech giant, by supplying expertise in artificial intelligence fields such as machine learning, behavioral analysis, and anomaly detection. Huawei has also recruited researchers from NeoBit and other Russian firms.

The company was sanctioned by the United States in 2021 for its suspected ties to Russia's three main intelligence services: the FSB, SVR, and GRU. NeoBit is also a contractor for Russia's Ministry of Defense and the Federal Protective Service (FSO).

Internal MISP references

UUID 42fa8aa7-2649-44ed-83ec-c10066a3f27b which can be used as unique global reference for NeoBit in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://neobit.ru/']

Netposa Technologies Limited

Netposa Technologies Limited (Netposa) owns or controls, directly or indirectly, SenseNets Technology Ltd. (SenseNets), an entity that operates or has operated in the surveillance technology sector of the economy of the PRC. Netposa’s subsidiary, SenseNets, has created a facial recognition database that combines GPS tracking with sensitive personal information to track individuals including Uyghurs. At one point, SenseNets was tracking over 2.5 million individuals in Xinjiang.

Internal MISP references

UUID 6829be5d-48d7-4416-ba02-6c2dacb82302 which can be used as unique global reference for Netposa Technologies Limited in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['http://www.netposa.com/']

Netronome

Netronome, a U.S.-based technology company, played a role in enabling surveillance in Uzbekistan by providing technology used to attempt the interception of encrypted SSL traffic. This effort, facilitated by U.S-Israeli company Verint, involved the use of fake certificates to execute man-in-the-middle (MITM) attacks, potentially granting Uzbek authorities unprecedented access to private communications. Netronome's Secure Sockets Layer (SSL) appliance product line by Blue Coat Systems, a U.S cybersecurity company that was known as CacheFlow until 2002 and acquired by Symantec in 2016.

Internal MISP references

UUID 150241d0-bffa-435d-b432-db30b6a9d486 which can be used as unique global reference for Netronome in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

Netsweeper

Netsweeper, a Canadian company that develops internet filtering technology, enables internet censorship and surveillance in various countries. The company's software is used to block access to content deemed politically or socially sensitive, such as websites related to political dissent, religious topics, independent media, and LGBTQ+ rights. Netsweeper's technology employs automated mechanisms to filter content across multiple categories, which can be customized by clients, including governments and ISPs. Its tools include onGuard, which monitors student activity in real time, tracking desktop content, internet usage, and user-submitted data.

Internal MISP references

UUID fe54dd6e-9804-4789-b215-a4c12020849a which can be used as unique global reference for Netsweeper in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.netsweeper.com/']

Network Solutions

Network Solutions (Сетевые Решения) is a Russian software developer that provides billing systems for telecommunications operators. Beyond its billing solutions, the company provides tools for transferring data to SORM (System for Operative Investigative Activities), a Russian government-mandated surveillance system. According to its website, Network Solutions facilitates the direct transfer of sensitive subscriber data to SORM from certified billing systems. This data includes call and payment information, personal customer details, accurate addresses, passport information of individuals, and details of legal entities.

Internal MISP references

UUID d59cf093-50ab-4654-83b0-7c60f0c3cc26 which can be used as unique global reference for Network Solutions in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

Neurotechnology

Neurotechnology is a Lithuania-based company that develops biometric identification systems used by governments, law enforcement, and private-sector clients worldwide. Founded in 1990, the company's suite of products include facial recognition, fingerprint, iris, and voice recognition technologies, and has supplied its algorithms to national ID programs, border control systems, and police agencies across multiple countries.

Its MegaMatcher and VeriLook software is capable of performing large-scale biometric matching. Law enforcement entities have deployed Neurotechnology's tools for investigations, target identification, and crowd monitoring, often in combination with surveillance footage or photo databases.

Internal MISP references

UUID ae4ab3bb-3164-41ef-ac92-d8ba67041a4e which can be used as unique global reference for Neurotechnology in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.neurotechnology.com/']

Nexign

Nexign, formerly known as Peter-Service, is a Russian company that provides surveillance software and monitoring services for telecommunications companies. The company is part of USM Telecom, owned by Kremlin insider Alisher Usmanov.

According to its website, Nexign’s products have been delivered to 12 countries and includes the surveillance company Protei as a partner.

Internal MISP references

UUID 4938018d-2e40-4d95-9795-6775a36b0548 which can be used as unique global reference for Nexign in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://nexign.com/']

Niagara Networks

Niagara Networks is a Silicon Valley–based company that develops network visibility and traffic delivery technologies. Their products include network TAPs (traffic access points), packet brokers, bypass switches, inline bypass elements, and visibility orchestration tools. A report by Amnesty International has identified Niagara Networks as one of the foreign suppliers whose hardware or software is used in Pakistan’s “Web Monitoring System (WMS 2.0)”, a state-firewall network intended to monitor, filter, or block internet traffic.

Niagara Networks distributes its products via a company called Softprom, an IT distributor founded in 1999, operating primarily in Central & Eastern Europe, the Caucasus, Central Asia, and the CIS (Commonwealth of Independent States). It has a similar distributor relationship with CLICO, an IT distribution service founded in 1991 and based in Poland.

Internal MISP references

UUID d9c058db-80be-4910-9a0b-882299ecc312 which can be used as unique global reference for Niagara Networks in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.niagaranetworks.com/']

NICE Systems Ltd

NICE offers surveillance and analytics tools that enable agencies to monitor and analyze large volumes of data, especially to law enforcement agencies. These tools include advanced video surveillance systems, voice and data analytics software, and communication interception capabilities. NICE is also a longtime collaborator of the Milan-based Hacking Team. According to a Buzzfeed investigation based on emails leaked by Wikileaks, the two companies exchanged nearly 3,000 emails between 2010 and 2015, discussing business opportunities in countries such as Uganda, Mexico, Colombia, Israel, and Finland. NICE is one of Hacking Team's largest partners, frequently acting as an intermediary, connecting Hacking Team with state police and intelligence agencies seeking surveillance tools and advanced malware capabilities.

NICE Actimize, a subsidiary of NICE Systems, has developed SURVEIL-X Behaviour, an AI-powered solution designed to provide organizations with a comprehensive behavioral profile of employees. Integrated into the SURVEIL-X Holistic Employee Conduct Surveillance suite, this tool actively surveils employees and analyzes detailed data from hundreds of sources, such as HR systems, customer complaints, and access control logs.

NICE sold its Physical Security Business Unit (PSBU) to private equity firm Battery Ventures for up to $100 million. The PSBU, rebranded as Qognify, specializes in video analytics and physical security information management. This followed an earlier sale of its cyber and intelligence division to Elbit Systems.

Internal MISP references

UUID a6ed7680-8530-49c1-adee-7df9ce919359 which can be used as unique global reference for NICE Systems Ltd in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.nice.com/', 'https://www.niceactimize.com/', 'https://www.nicepublicsafety.com/']

Nightingale

Nightingale Security is a developer of autonomous surveillance drones headquartered in Newark, California, United States. Their drones, known as Blackbirds, are equipped with advanced features like autonomous takeoff, landing, and recharging, as well as thermal imaging and AI-based threat detection. These drones can perform scheduled patrols, respond to alarms and provide live video feeds to its operators.

Nightingale's surveillance drones have been deployed in Saudi Arabia and is also used by police agencies in several countries around the world.

Internal MISP references

UUID 76d40420-6fc8-46e6-80a8-14b1c1cd9159 which can be used as unique global reference for Nightingale in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.nightingalesecurity.com/']

Nika-X

Nika-X is a company that develops and implements surveillance systems, particularly for integration with SORM (System for Operative Investigative Activities). SORM is a state-mandated surveillance system used in Russia to monitor and intercept telecommunications.

According to its website, Nika-X provides a comprehensive range of services, from production to the full deployment of SORM solutions, catering to telecom operators, autonomous system owners, and information dissemination organizers. Its products are marketed under the brand name Vector (Вектор).

Internal MISP references

UUID 1cb1ca99-3901-40bb-a75e-4572826c6f4f which can be used as unique global reference for Nika-X in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

Nodeflux

Nodeflux is Indonesia’s first and largest Vision AI company, founded in 2016. Its primary platform, VisionAIre, delivers AI-powered video analytics for applications such as facial recognition, license plate recognition (LPR), and activity detection. These technologies are utilized by Indonesia's law enforcement agencies in smart city initiatives and for surveillance purposes.

The Indonesian National Police (POLRI) and the Republic of Indonesia State Intelligence Agency (BIN) have adopted Nodeflux's AI surveillance technologies since 2017.

Nodeflux's technology integrates with national databases, such as the Department of Population and Civil Registration (DISDUKCAPIL), for identification and monitoring through CCTV networks in cities like Jakarta and Bandung . Their AI analytics also support Jakarta's smart city program. Nodeflux is listed as a Gold Partner in Intel’s partner showcase. IBM and Nvidia are also listed amongst its collaborative partners.

Internal MISP references

UUID 5e17f7ad-f550-4547-9db2-81223a04520a which can be used as unique global reference for Nodeflux in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.nodeflux.io/']

Noldus Information Technology

Noldus Information Technology, a Dutch company, specializes in emotion recognition systems and digital surveillance technology. Their "FaceReader" software, which automatically analyzes facial expressions such as anger, happiness, sadness, surprise, and disgust, has been sold to public security and law enforcement institutions in China. The software has been used by Chinese universities with ties to the public security apparatus and police, as well as the Ministry of Public Security.

Amnesty International revealed that Noldus supplied its technology to at least two universities in Xinjiang between 2012 and 2018, including "The Observer XT" software to Shihezi University, which is administered by the Xinjiang Production and Construction Corps (XPCC). XPCC plays a key role in maintaining China's unification, social stability in Xinjiang, and in combating what the government labels as violent terrorist crimes. By 2012, it was already recognized that the Chinese government was conflating Uyghur cultural and religious practices with terrorism, and in the following years, technology for suppressing minorities in Xinjiang, particularly emotion and behavioral analysis systems, became a focus of Chinese authorities.

Internal MISP references

UUID 614d2bea-5a53-475d-bb02-6ccd69ed90fd which can be used as unique global reference for Noldus Information Technology in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://noldus.com/']

NotionTag

NotionTag is the developer of FaceTagr, an advanced facial recognition application designed for identity verification and video analytics. Adopted by the Chennai police since 2017, it uses computer vision to analyze CCTV footage for real-time object detection, zone monitoring, and suspect identification.

In addition, the company developed CoBuddy, a facial recognition app which was used by Tamil Nadu police during the COVID-19 pandemic to monitor individuals under quarantine, according to MediaNama. The app combined GPS geofencing and facial verification to ensure quarantined individuals remained within designated areas. The app also sent random prompts for face verification multiple times a day, alerting authorities if someone left the geofenced zone. It featured a centralized dashboard for real-time monitoring and heat maps of quarantined individuals.

Internal MISP references

UUID 2d32c590-2de2-43e5-a526-7fd763c9a993 which can be used as unique global reference for NotionTag in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.facetagr.com/']

NoviSpy

NoviSpy is a spyware discovered by Amnesty International. It was found on a Serbian journalist's phone, reportedly installed after the device was unlocked using a Cellebrite tool. NoviSpy operates through two applications, NoviSpyAdmin and NoviSpyAccess, which exploit Android's accessibility services to perform extensive surveillance. Its capabilities include capturing screenshots, exfiltrating files, tracking location, and remotely activating the device's microphone and camera. Installed via the Android Debug Bridge (adb), NoviSpy has been in development since at least 2018.

Internal MISP references

UUID 1bd81d87-4735-4795-ba08-1ba3518d56aa which can be used as unique global reference for NoviSpy in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

NtechLab

The Russian company NtechLab operates Russia’s extensive biometric mass surveillance system. This system has reportedly facilitated numerous arbitrary arrests of Russian citizens identified through NtechLab's biometric recognition technology, often during peaceful demonstrations. In July 2023, the European Union imposed sanctions on NtechLab for its involvement in serious human rights violations in Russia.

NtechLab is also behind FindFace, a powerful facial recognition app that quickly gained popularity for its ability to identify individuals with high accuracy by comparing photos to profile pictures on the Russian social networking site Vkontakte.

The company operates as a subsidiary of Rostec, a Russian state-owned corporation.

Internal MISP references

UUID e5ab84a0-b63d-4456-9079-34c945ecefe4 which can be used as unique global reference for NtechLab in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://ntechlab.com/']

Ntrepid

Ntrepid is a software company specializing in tools and solutions for online anonymity, intelligence gathering, and social network analysis. A subsidiary of Abraxas, a prominent contractor for the U.S. intelligence community and owned by Cubic, Ntrepid has played a major role in advancing the capabilities of U.S. military and intelligence operations. The company is best known for developing software that allows U.S. military personnel to create culturally and personally detailed false identities, enabling the infiltration of social networks in countries like Afghanistan and Iraq.

A Guardian investigation revealed that the U.S. Central Command (Centcom) granted a $2.76 million contract to Ntrepid to develop the "sock puppets" for manipulation and intelligence gathering.

The company’s Chief Technical Officer Lance Cottrell gave several training seminars at ISS World, the internet and telecommunications interception systems manufacturers’ conference that promotes surveillance products to governments. Cottrell is the creator of Anonymizer, which was acquired by Ntrepid's parent company Abraxas in 2008.

Internal MISP references

UUID 71fc8c2f-3f2c-4515-8896-f29b82daa9e3 which can be used as unique global reference for Ntrepid in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://ntrepidcorp.com/']

Nuctech

Nuctech is a company in China that develops X-ray vehicle scanners. In late 2023, Nuctech introduced its X-ray vehicle scanners to the Serbian government, deploying them along the Serbian-Bulgarian border. The company has also sold its surveillance and scanning technologies to over 170 countries, including deployments at airports, seaports, and border crossings worldwide.

Nuctech Company is owned by Tsinghua Tongfang, which is under the control of the China National Nuclear Corporation (CNNC), a state-owned enterprise.

Internal MISP references

UUID 9dda1b79-8ead-466b-8ce1-f64d7911f3ef which can be used as unique global reference for Nuctech in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.nuctech.com/?lang=en_US', 'https://www.nuctech.com/']

Obvious Technologies

Obvious Technologies is a French tech company co-founded by former GIGN commander Thierry Orosco and entrepreneur Naoufal el-Ouali. The company partnered with Emirati cyber-intelligence firm CPX and has ties with the AI-surveillance powerhouse Group 42 (G42). The company is also working with consultant Charles Gillibert to integrate surveillance capabilities and deliver UAVs to Saudi authorities.

Internal MISP references

UUID 6dbb4b86-d2b7-4a52-8b11-8e97fcf64112 which can be used as unique global reference for Obvious Technologies in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://oodaworld.com/']

Octasic

Octasic, a Canadian company, is a developer of wireless communication technologies, including surveillance solutions such as IMSI catchers. These devices, often referred to as "Stingrays," are capable of intercepting mobile phone signals and tracking user locations by masquerading as legitimate cell towers. Octasic's Nyxcell V800 targets multiple frequency bands, including GSM (2G), CDMA2000 (3G), and LTE (4G), enabling comprehensive surveillance capabilities.

In 2019, sold IMSI catchers to the Rapid Action Battalion (RAB) in Bangladesh. Octasic's CEO, Sebastien Leblanc, confirmed that the Canadian government approved the export of these surveillance technologies to Bangladesh.

Octasic's involvement in the IMSI catcher market has expanded internationally, with the company exporting its surveillance tools to Europe via Cyprus. The company operates a research and development center in Bangalore, India, and has a sales office in Japan.

Internal MISP references

UUID 6b439a8b-42cf-405b-a7fd-a3dc7832c180 which can be used as unique global reference for Octasic in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.octasic.com/']

Oniks-Line

Oniks-Line is a Russian company that develops surveillance and interception technology, particularly systems used for state monitoring and data interception. It is one of the providers of SORM (System for Operational-Investigative Activities) equipment, a surveillance framework widely used in Russia and exported to other countries.

In Kyrgyzstan, Oniks-Line's SORM technology has been implemented to allow authorities to intercept and monitor communications.

Internal MISP references

UUID f1da8c10-b8c6-4547-8a8b-f3d488e90e3f which can be used as unique global reference for Oniks-Line in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

Oosto

Oosto is an Israeli company formerly known as AnyVision specializing in facial recognition and tracking technologies. AnyVision initially gained notoriety for its controversial use in monitoring the West Bank border and rebranded to Oosto in September 2021 after it faced significant backlash for its unethical business practices. Despite claims from Oosto that issues like racial bias have been mitigated, skepticism remains, particularly as the company pushes into even more contentious areas like behavior recognition.

In September 2020, AnyVision's/Oosto's shareholders partnered with Rafael Advanced Defense Systems Ltd. to form a joint venture named SightX. This new company, equally owned by AnyVision’s shareholders and Rafael, focuses on developing advanced AI-recognition technologies for military use.

Internal MISP references

UUID b8a0ee2a-057d-4925-b97e-aa9c205e1a59 which can be used as unique global reference for Oosto in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://oosto.com/']

Opticoelectron

Opticoelectron Group JSCo is a Bulgarian developer and distributor of optical and surveillance technologies. Its offerings include Mobile Surveillance Systems (MSS), such as the MUSON series, which feature high-resolution day and night cameras, thermal imaging, and long-range capabilities for monitoring. Opticoelectron collaborates with international organizations, including Frontex, the European Border and Coast Guard Agency, to provide surveillance equipment for border control.

Internal MISP references

UUID a8a0a06f-c7de-44cc-97f8-214116ae1968 which can be used as unique global reference for Opticoelectron in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.opticoel.com/']

Optix

Optix, a Bulgarian company, is a provider of surveillance systems, including thermal imaging cameras and night vision devices. Its products are tailored for military, law enforcement, and border control.

Optix partnered with the Polish company Korporacja Wschód to supply Mobile Surveillance Systems (MSSs) to Frontex, the European Border and Coast Guard Agency.

Internal MISP references

UUID 8e6d69ea-5d9b-4a64-abcb-781ba10e4e35 which can be used as unique global reference for Optix in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.optixco.com/bg', 'https://www.optixco.com/']

ORACTeam

ORACTeam is a UK-based consultancy that provides telecommunications and interception solutions, including IMSI catcher technology designed for surveillance and intelligence operations. Their products include both active and passive IMSI catcher systems.

Beyond IMSI catchers, ORACTeam offers a citywide E-Fence Security Solution, integrating IMSI catcher units with facial recognition and license plate recognition technologies. The company has offices in London and Dubai.

Internal MISP references

UUID aa6b2434-cafb-46ed-8e91-def7c6b568ea which can be used as unique global reference for ORACTeam in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.oracteam.co.uk/']

OryxLabs

OryxLabs is an Abu Dhabi-based cybersecurity firm. Established in 2020, the company specializes in DNS monitoring and zero-day exploit research. Under the leadership of Sumit Dhar, a former executive at DarkMatter and Digital14, OryxLabs has recruited a team of former spyware and surveillance tech developers, including veterans from Beacon Red and Connection Systems.

DarkMatter's surveillance activities included targeting journalists, activists, and dissidents with spyware and hacking tools. One of its operations, known as Project Raven, involved ex-U.S. intelligence operatives conducting cyber-espionage on behalf of the UAE. This included hacking into email accounts, tracking individuals' movements, and gathering private data. Journalists were specifically targeted to suppress dissent and monitor media activities critical of the UAE government.

In 2023, OryxLabs was acquired by EDGE, the defense conglomerate based in the UAE.

Internal MISP references

UUID 5f1da53d-65d5-426a-b9c7-6e1f07f18586 which can be used as unique global reference for OryxLabs in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://oryxlabs.ae/']

OSI Systems

OSI Systems is a global provider of security screening and optoelectronics products. Through its subsidiaries, including Rapiscan Systems and Gatekeeper Intelligent Security, OSI Systems develops and deploys surveillance technologies. This includes imaging and sensor technologies to provide real-time, automated vehicle inspections and facial recognition tools, often for use at borders and "smart city" surveillance projects such as ones in Saudi Arabia and the UAE.

Internal MISP references

UUID d173c025-ca5b-4838-8814-84e68445f1d6 which can be used as unique global reference for OSI Systems in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.osi-systems.com/']

Osnova Lab

Osnova Lab is a Russian company operating under the Citadel group, a surveillance technologies conglomerate. The company claims to be the first in Russia to design and deploy SORM (System for Operative Investigative Activities) solutions for IMS (IP Multimedia Subsystem) platforms. SORM is a state-mandated surveillance system used in Russia to monitor and intercept telecommunications.

Osnova Lab markets its SORM-related products under the brand name Olympus (Олимп). An archived version of its website reveals that its clients include "leading global manufacturers of telecommunications equipment."

Internal MISP references

UUID e222da2e-c684-4d99-bea4-874f533ee57d which can be used as unique global reference for Osnova Lab in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['http://osnovalab.ru/']

OSY Technologies

OSY Technologies is a Luxembourg-based company that serves as the parent organization of the NSO Group ecosystem. The company is part of a larger network primarily consisting of spyware and surveillance companies, often run by former Israeli intelligence officers. Both OSY Technologies and Q Cyber Technologies, which is also based in Luxembourg, have been named in lawsuits related to illegal hacking using the Pegasus spyware.

Michael Flynn, the former U.S. national security advisor, served on OSY Technologies' advisory board in 2016. This relationship coincided with NSO Group's expansion into the U.S. market through the establishment of WestBridge Technologies in the D.C. region.

Internal MISP references

UUID 54122384-cb27-4e97-bcd7-84b7960f6dbd which can be used as unique global reference for OSY Technologies in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

OT-Morpho

OT-Morpho, now known as French multinational IDEMIA, specializes in security and identity systems, including facial recognition and other biometric identification products. In 2015, the company was awarded a contract to supply facial recognition equipment directly to the Shanghai Public Security Bureau.

Kenya's opposition coalition has accused OT-Morpho of complicity in electoral fraud in Kenya.

Internal MISP references

UUID b5b6ab08-0a33-4709-b075-3d0aeb58750b which can be used as unique global reference for OT-Morpho in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.idemia.com/icba']

Otesa

Otesa (Orion Technologies and Engineering Systems Africa) is a Namibian company that specializes in surveillance and biometric systems. Otesa developed the Automated Biometric Identification System (N-ABIS) for the Namibian Police Force, a project valued at N$40 million and completed over two years. This system integrates automated fingerprint identification and facial recognition technology, enabling rapid comparison of biometric data against millions of records in seconds. The system maintains an extensive database of fingerprints and facial images.

Internal MISP references

UUID 2d5e7ac2-c498-4ed4-8817-b8a5b90364f4 which can be used as unique global reference for Otesa in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

OurCrowd

OurCrowd is an Israeli company that facilitates startup investments. It helps fund and promote AI-powered surveillance tech, as well as tools like BriefCam, which develops and sells video analysis software that is capable of creating synopses of long clips and identifying and tracking objects and activities. It became the first Israeli VC registered by the Abu Dhabi Global Market to operate in the country. The UAE relies heavily on surveillance tech produced by Israeli startups and defense companies.

Internal MISP references

UUID 0dcfc4cf-8213-4118-a68c-c901d87b6d41 which can be used as unique global reference for OurCrowd in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

Outlogic

Outlogic, formerly known as X-Mode Social, is a data broker that collects and sells location data through specialized code embedded in over 100 mobile applications, including dating, music, weather, and Muslim prayer apps. On its former website, the company claimed to cover more than 25% of the adult U.S. population monthly. After being acquired by Digital Envoy in August 2021, the company has maintained significant government contracts, including with the IRS, Department of Homeland Security, and various military branches in the U.S.

In 2024, the Federal Trade Commission issued a settlement that prohibits Outlogic from selling or sharing location data that could be used to track individuals to healthcare facilities, domestic abuse shelters, or places of worship.

Internal MISP references

UUID b3c38726-0d52-492a-932f-37626c4f6ce6 which can be used as unique global reference for Outlogic in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://outlogic.io/']

Oxygen Software

Oxygen Software, a Russia-based company, develops mobile forensics tools marketed under its U.S branch, Oxygen Forensics. These tools are primarily deployed by government agencies and are widely used for surveillance purposes. Their capabilities include extracting vast amounts of data from mobile devices, such as personal messages, call logs, location data, and other sensitive information. Governments, particularly in Central Asia, such as Kazakhstan and Uzbekistan, have reportedly used them to monitor activists, journalists, and political dissidents. In the U.S, its tools are used by the U.S Army, Department of Homeland Security (DHS), alongside other government agencies. According to an investigation by Gizmodo, U.S. school districts are also amongst its users. For example, Cypress-Fairbanks ISD in Texas confirmed using Oxygen Forensics' tools to extract data from students' phones for "evidentiary purposes."

Oxygen Software’s tools are often sold through regional resellers, such as Softline, which has offices in Kazakhstan, Tajikistan, Turkmenistan, and Uzbekistan.

Internal MISP references

UUID d43ce746-2623-4f12-8e63-2e26bed3e0a8 which can be used as unique global reference for Oxygen Software in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.oxygenforensics.com/en/']

Paladion

Paladion was an India-based company that develops surveillance tools for use by governments, law enforcement agencies, and corporations. Among its offerings is an SSL Interception and Decryption System, designed to perform covert man-in-the-middle attacks, enabling the monitoring of encrypted communications, including banking transactions and Gmail. Paladion marketed a link analysis tool that maps relationships between individuals, identifying key connections within groups for extended surveillance. This tool integrates with the client's Internet Monitoring System (IMS), a scalable framework capable of nationwide surveillance, offering real-time analysis, long-term data storage, and proactive detection of new targets for deep intelligence gathering.

Paladion maintained offices in India, the U.S, Oman, Saudi Arabia, United Arab Emirates and United Kingdom.

The company was acquired by Atos in 2020.

Internal MISP references

UUID 222d8766-40a5-4806-98bf-9d49e8a54262 which can be used as unique global reference for Paladion in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

Palm Beach Networks

Palm Beach Networks (formerly known as Defense Prime) is a spyware company with roots in both the U.S. and Israel, operating out of Barcelona, Spain. According to an investigation by TechCrunch, the company specializes in offensive cybersecurity, including the development of zero-day exploits and spyware implants. It has undergone several rebrandings, transitioning from Defense Prime to Palm Beach Networks and later to Head and Tail, with overlapping executives across these entities.

According to Intelligence Online, the company's Israeli founders, Yigal Sharon and Yosef Aloni, previously worked for US investment fund Black Dragon Capital. The third founder is Yaacov Nir. The company’s Chief Technology Officer, Alexey Levin, is a former researcher at NSO Group and Candiru, two Israeli spyware firms. Levin has been involved in recruiting top-tier Israeli talent, offering high salaries and relocation packages to Barcelona.

In 2023, it was negotiating to acquire intellectual property and government contracts from the Israeli cyber-intelligence firm Quadream, focusing on its contracts in Asia.

Internal MISP references

UUID d3e031df-68ca-4eac-b040-7dbe508c23c8 which can be used as unique global reference for Palm Beach Networks in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

Pangiam

Pangiam is a Virginia-based technology company that develops identity management, biometrics, and AI-driven security solutions for border control, aviation, and government applications. Founded by former senior U.S. Department of Homeland Security officials, Pangiam has expanded through strategic acquisitions, including the facial recognition platform veriScan and computer vision firm Trueface. One of Pangiam's flagship initiatives is its collaboration with U.S. Customs and Border Protection (CBP) on the Anomaly Detection Algorithms (ADA) project. It has also implemented facial recognition systems at various transportation hubs.

In March 2024, BigBear.ai completed its acquisition of Pangiam for approximately $70 million in stock.

Internal MISP references

UUID 2bcd4b11-61d1-4a77-8488-ada9f0f19677 which can be used as unique global reference for Pangiam in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://pangiam.com/']

Paraben

Paraben Corporation is a developer of digital forensics and surveillance technology, offering tools designed for data extraction and analysis from mobile devices. Their products, such as the CSI Stick, allow for rapid and covert retrieval of data, including deleted files, from smartphones without leaving traces, specifically marketed towards law enforcement, intelligence, and corporate investigations.

Internal MISP references

UUID 0fe3d437-1ac6-427d-9820-fef4073d8317 which can be used as unique global reference for Paraben in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://paraben.com/']

Parrot

Parrot is a drone maker that integrates surveillance and reconnaissance technology into its systems. Its ANAFI USA drone is built for military and defense use, featuring a 32x zoom lens, 4K HDR video, and thermal imaging. These drones are used for military, defense, and intelligence gathering purposes, including for border control and target detection.

Parrot is a publicly traded company listed on Euronext Paris under the ticker symbol "PARRO."

Internal MISP references

UUID 9ad99436-6a4d-4ddc-bb0a-4275f383426b which can be used as unique global reference for Parrot in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.parrot.com/']

PARS Defense

PARS Defense is a cybersecurity company headquartered in Istanbul that, says its website, “helps customers to solve forensic challenges in mobile world [sic].” It was included in a report by Google exposing the creation of hacking tools that have been deployed against "high risk individuals."

Internal MISP references

UUID f785a0ef-4b3e-4d34-8cfa-75811535b5c8 which can be used as unique global reference for PARS Defense in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['http://www.parsdefense.com/']

Passitora

Passitora, previously known as WiSpear, is a Cyprus-based company controlled by former Israeli intelligence commander Tal Dilian. It sells advanced surveillance technology to governments worldwide. Despite a ban on Israeli intelligence and defense exports to Bangladesh, Passitora sold spyware to the country's National Telecommunication Monitoring Centre (NTMC), a branch of the Interior Ministry responsible for monitoring internet and social media. This technology enables interception of calls, texts, and internet traffic.

The company has faced scrutiny in the past, including a scandal in Cyprus involving its SpearHead system, which was used to extract private data from people's phones without their knowledge or consent.

Passitora is part of the Intellexa Alliance, a network of companies marketing and selling spyware globally.

Internal MISP references

UUID df7ad66d-58bb-49d8-8ca2-62340dc9c6b5 which can be used as unique global reference for Passitora in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

Passware

Passware is a U.S-Russian cybersecurity company that develops encryption-cracking tools that have been widely used by U.S. government agencies, including Immigration and Customs Enforcement (ICE), since at least 2010. Passware's software can bypass encryption on systems like TrueCrypt and is designed to be user-friendly, even for non-technical users. It is often bundled with other forensic tools, such as those from Oxygen Forensics, for use by law enforcement and intelligence agencies. The company's primary engineering office is in Moscow, Russia.

Internal MISP references

UUID d5f6b451-c485-4580-b926-6097da3ebd00 which can be used as unique global reference for Passware in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.passware.com/']

PAT Systems

PAT Systems is a provider of surveillance technologies, including IMSI catchers and mobile interception solutions. Its products, such as the VORTEX AIR-STACK V4, are capable of intercepting and locating IMSIs and IMEIs across multiple cellular networks, including GSM, UMTS, and LTE. Founded in 1991, the company is headquartered in Miami, Florida, and operates through a network of partners across Latin America, including Argentina, Chile, Colombia, and Mexico.

Internal MISP references

UUID 47964d9e-56c8-44c3-bad9-80bafd139e0e which can be used as unique global reference for PAT Systems in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://patsystems.us/']

PathAR

PathAR is a technology company specializing in social media monitoring analytics for intelligence gathering, with its primary product, Dunami, being used by U.S government agencies like the FBI and U.S. Customs and Border Protection (CBP). Dunami mines data from platforms such as Twitter, Facebook, and Instagram to create detailed profiles of users and map networks of association.

The Chicago Public Schools (CPS) received a $2.2 million grant in 2014 from the U.S. Department of Justice’s Comprehensive School Safety Initiative. Part of the grant was allocated to hire two intelligence analysts and to purchase Dunami, which was then used to monitor students' public social media activity. The program initially targeted 16 schools and later expanded to 24 schools, covering approximately 25,000 students.

The company is backed by In-Q-Tel, the CIA's venture capital arm.

Internal MISP references

UUID befd260f-6565-4a61-8ea8-ebba47c9626b which can be used as unique global reference for PathAR in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

Patternz

Patternz is an Israeli company that builds geolocation technology derived from advertising data (ADINT) with advanced spyware capabilities. Founded in 2019 by Yoad Gidron, a former technical director at Rafael Advanced Defense Systems, alongside Nimrod Schwartz and Rafi Ton of digital advertising firm NUVIAD, Patternz leverages Mobile Advertising ID (MAID) technology to track individuals' locations in real time and build comprehensive target profiles. This approach is often used to bypass the need for legal warrants and benefits from more flexible export regulations compared to traditional surveillance tools.

The company’s platform not only enables precise tracking and profiling but can also issue alerts when a target reaches specific destinations. Patternz is reportedly working on even more advanced solutions, including the integration of spyware capabilities into the ad-tech stack, potentially deploying Trojans through advertising frameworks. In January 2024, the business development firm Improvate The Future (ITF) filed a lawsuit against Patternz for alleged non-payment of services. ITF, which boasts a high-profile advisory board including former Israeli cybersecurity chief Yigal Unna and several ex-prime ministers, had previously facilitated Patternz's participation in international cyber delegations.

Udi Doenyas, Patternz’s technical director, is a former architect of NSO Group's Pegasus spyware and has been a key figure in the company’s operations.

Internal MISP references

UUID 8d0fa78e-5e4d-4eb7-bc53-96697af312b3 which can be used as unique global reference for Patternz in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

Pavo Group

Pavo Group is a Turkish company providing interception and threat intelligence services through its subsidiaries, such as InterProbe and Interdata, serving both military and government clients globally. Its capabilities include IMSI-catcher technology, exploiting undisclosed software vulnerabilities for intelligence purposes, cyber intelligence systems including data interception, and technologies for tracking and locating mobile devices.

Barzan Holdings, the strategic investment arm of Qatar's Ministry of Defense and the commercial gateway for the country's military defense industry, owns a stake in the company.

Internal MISP references

UUID 7c3fc40d-2959-45ac-a303-2205c50066eb which can be used as unique global reference for Pavo Group in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.pavo-group.com/']

pcTattletale

pcTattletale was a remote surveillance app, commonly referred to as "stalkerware", designed to secretly track people without their knowledge. The app allowed the person who planted it to remotely view screenshots and private data from the victim's Android or Windows device from anywhere in the world. Although pcTattletale marketed itself as a tool for monitoring employees, it also openly promoted its use for spying on spouses and domestic partners without their consent. The spyware required physical access to the target's device for installation and could be quickly deployed with just one click. The company also offered a "We Do It For You" service to assist in installing the spyware on a target's computer. According to TechCrunch, pcTattletale was used to compromise the front desk check-in systems at several Wyndham hotels across the United States, exposing screenshots containing guest details and customer information. The company has since ceased operations after a data breach.

Internal MISP references

UUID f81222ef-30f1-494d-a611-ccc5ebf3e835 which can be used as unique global reference for pcTattletale in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

PeekYou

PeekYou is a U.S.-based people-search engine founded in 2006 that aggregates publicly available personal info, such as your name, age, location, links to social media profiles (from sources that include Facebook, LinkedIn, Twitter/X, Instagram, TikTok), blogs, and maps out possible relatives, with all data curated into searchable profiles. The company had applied for a patent for a method that matches people's real names to the pseudonyms they use on social media, blogs and other websites.

Internal MISP references

UUID f3a5d84d-a10d-4544-bd05-300d5db9dd48 which can be used as unique global reference for PeekYou in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.peekyou.com/']

Pegasus Intelligence FZCO

Not to be confused with NSO Group's Pegasus spyware, Pegasus Intelligence FZCO is a Dubai-based technology broker founded in 2008, and which specializes in offering security solutions, signals intelligence, and cyber intelligence to military and government clients operating in "difficult environments." The company leverages a network of relationships with supposed subject matter and field experts. In 2023, Pegasus Intelligence partnered with Gedion to provide advanced surveillance equipment to primarily government clients in the Gulf Cooperation Council (GCC.) The company has also partnered with Cyabra, an OurCrowd portfolio company, in a collaboration which integrates Cyabra’s advanced AI-powered social search engine into Pegasus Intelligence’s offerings, for government and military agencies within the GCC.

Internal MISP references

UUID b9d1f680-abeb-41f7-b2b1-c141254ca4b9 which can be used as unique global reference for Pegasus Intelligence FZCO in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.pegasusintelligence.ae/']

Pelco

Californian company Pelco uses monitoring equipment by Israeli company Vigilant Technologies to implement one of the largest digital monitoring systems in the world via a collaboration with NYPD in the U.S. Pelco was acquired by Schneider Electric, a French multinational corporation, in 2007. Later, in 2019, Pelco was sold by Schneider Electric to Transom Capital Group. Pelco was eventually acquired by Motorola Solutions in 2020 and remains its current owner.

Pelco cooperates with Dahua Technology, whose tools are used by the authorities in China to track, monitor and target Uyghurs.

Internal MISP references

UUID 6e2517c8-ce5a-41a6-9ad7-8c1132cf25f3 which can be used as unique global reference for Pelco in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.pelco.com/']

PenLink is a software company that develops communications surveillance and data analysis solutions for law enforcement. It has become a go-to resource for agencies monitoring users across various platforms, including Google, Facebook, and WhatsApp. Its federal clients in the U.S. include the FBI and U.S. Immigration and Customs Enforcement (ICE.) PenLink's flagship products, PLX and PenPoint, enable law enforcement to collect and analyze large amounts of data, including social media interactions and telecommunications records.

In 2022, PenLink acquired GeoTime, which develops data collection and analysis software, and in 2023, it acquired the Israeli surveillance company Cobwebs Technologies, which develops software that aggregates data from phones and social media, converting it into intelligence.

In October 2025, The Washington Post reported that PenLink supplied ICE with Weblocs, a cellphone location tracking system that allows the agency to monitor individuals’ movements without obtaining a court warrant.

Internal MISP references

UUID 44c6a51e-0e1e-4433-bccb-838cff5269ec which can be used as unique global reference for PenLink in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.penlink.com/']

Perceptics

Perceptics, a Tennessee-based subcontractor, became widely known after a hack exposed sensitive data, including license plate images and drivers' photos, collected by their license plate readers for U.S. Customs and Border Protection (CBP). Perceptics has also faced criticism for its role in gathering and analyzing location data, particularly in border communities. Internal emails reveal that Perceptics engaged in controversial trials combining license plate readers with facial recognition technology, and lobbied to influence privacy legislation while downplaying their involvement in data use. The company also transferred license plate and traveler images to its own privately owned network, causing it to be suspended by CBP.

Internal MISP references

UUID 4b95086c-6ab4-4026-ae58-f8904bc768f7 which can be used as unique global reference for Perceptics in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://perceptics.com/']

Percepto

Percepto is an Israeli company that develops autonomous surveillance and monitoring solutions. Its primary platform, Percepto AIM, integrates autonomous drones and ground robots to perform continuous monitoring. It's also the developer of Sparrow I, a fully autonomous drone with defense applications. These systems use AI and computer vision to provide real-time intelligence. The company's Chief Commercial Officer, Ariel Avitan, claimed the company's technology is heavily influenced by Israel's advanced defense ecosystem. Percepto's technology have also been purchased by other countries and their homeland security departments.

Internal MISP references

UUID 29bdba5d-1f55-4f96-8108-f30c28e26295 which can be used as unique global reference for Percepto in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://percepto.co/']

Phantom Technologies

Phantom Technologies Ltd. is a manufacturer of tactical intelligence and surveillance tools. Their IMSI catcher, the IMSI400, is designed to collect cellular phone identities off the air, operating across GSM, UMTS, and LTE networks, compatible with 2G, 3G, and 4G communication generations.

Internal MISP references

UUID a6d77a23-4bc0-4459-b5b7-34daa8d60d45 which can be used as unique global reference for Phantom Technologies in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://phantom-technologies.com/']

Phoenix Worldwide Industries

Phoenix Worldwide Industries is a U.S defense contractor that supplied Venezuela's government with Triggerfish devices, a specific type of IMSI Catcher in 2001. The firm also works closely with U.S. government intelligence agencies.

Internal MISP references

UUID a21b4a4a-b153-4b01-b4a9-6f8c8e3e1fcf which can be used as unique global reference for Phoenix Worldwide Industries in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

Phunware

Phunware Inc. is a San Diego based that develops mobile software and blockchain solutions. Its mobile applications are designed for advertising, offering features like personalized ad targeting, location-based tracking, and cryptocurrency-powered brand loyalty programs. The firm built the official Trump 2020 re-election campaign. This app enabled the campaign to collect extensive personal data from users, including location information, contact lists, and behavioral patterns, facilitating targeted political advertising and fundraising efforts. The company’s technology, which includes geofencing and data mining capabilities, allowed the campaign to monitor supporter movements and interactions.

Internal MISP references

UUID 16ae4c04-a262-4d7c-971d-11c50d8c31f9 which can be used as unique global reference for Phunware in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.phunware.com/']

PicSix

PicSix, also known as P6, is an Israeli cyber surveillance company based in Even Yehuda and run by former Israeli intelligence agents. It specializes in mobile interception technology. Their flagship product, P6Intercept, enables mass surveillance of hundreds of mobile phones simultaneously within its operational range.

An Al Jazeera investigation uncovered that Bangladesh's Directorate General of Forces Intelligence (DGFI) acquired P6Intercept through an elaborate scheme designed to obscure the transaction's true nature. The deal involved multiple intermediaries: Sovereign Systems, a Singapore-based company, facilitated the purchase in Hungary, while James Moloney, an Irish national based in Bangkok, served as a middleman. To obscure the product's Israeli origin, the contract falsely listed Hungary as the country of manufacture. This arrangement allowed PicSix to conduct business with countries that typically avoid direct dealings with Israel.

During product demonstrations to Bangladeshi intelligence officials, PicSix representatives reportedly conducted unauthorized phone interceptions in Hungary.

Another notable product in their lineup is P6-FI5, a portable interception system that creates deceptive cell towers compatible with GSM, 3G, and 4G networks. This device employs a sophisticated strategy to bypass encryption: it deliberately disrupts encrypted applications on target devices, forcing users to switch to less secure, easily interceptable communication methods. Additionally, the system can deploy malware to any device connected to its counterfeit cell tower.

Internal MISP references

UUID 6f6ea1eb-d0a3-4893-911f-84f6d9d1ff6c which can be used as unique global reference for PicSix in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.pic-six.com/']

PKI Electronic Intelligence

PKI Electronic Intelligence, headquartered in Germany, is a developer of advanced surveillance and intelligence gathering technologies tailored for law enforcement and government agencies. Among their offerings is the PKI 1650 IMSI-Catcher, a device designed to track individuals by identifying their mobile phone identities. According to their website, this system allows multiple officers to monitor information both on-site and remotely, providing real-time data and logging capabilities for intelligence purposes.

Their products also include GSM cellular monitoring systems, long range WiFi interception, WiFi clone systems and audio surveillance equipment.

Internal MISP references

UUID e13c4831-2c00-48e7-a9f2-7d2949f44547 which can be used as unique global reference for PKI Electronic Intelligence in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://pki-electronic.com/']

Placer.ai

Placer.ai is a company that provides highly intrusive location analytics, using geolocation data from mobile devices to track foot traffic, consumer behavior, and real-world movement patterns.

Placer.ai admitted that its platform was used to access data on 17 Planned Parenthood locations between 2020 and 2022.

Internal MISP references

UUID 9fde5665-54b7-4e9b-a877-f152558cd293 which can be used as unique global reference for Placer.ai in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.placer.ai/']

PlateSmart

PlateSmart Technologies is a provider of AI-powered, camera-agnostic Automatic License Plate Recognition (ALPR) products. Their technology includes the ARES 3.0 system, which processes video streams from field cameras using proprietary AI-driven algorithms to extract vehicle data and make it available for search, analytics, and reporting. PlateSmart offers both static and mobile surveillance tools, including Mobile Defender, which incorporates realtime license plate recognition intelligence.

In 2016, the company announced its integration partnership with VIVOTEK, an IP surveillance provider.

Internal MISP references

UUID f8e7d401-c848-4488-bffc-5fbe1eb2d8a1 which can be used as unique global reference for PlateSmart in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.platesmart.com/']

Polus Tech

Polus Tech is a Swiss-based company that develops and distributes surveillance technology, including IMSI catchers, which are devices capable of intercepting and tracking mobile phone communications. The company is led by Niv Karmi, a former co-founder of NSO Group.

In 2020, Polus Tech exported surveillance equipment worth 2.2 million Swiss francs to Indonesia.

Internal MISP references

UUID 00437194-dead-4e44-9952-bd652cf9f4e1 which can be used as unique global reference for Polus Tech in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.polustech.com/']

PortaOne

PortaOne is a Canadian software company that specializes in developing products for telecommunication service providers. A report by Citizen Lab revealed that it was selected by Iranian cellular carrier, Ariantel, to provide mobile account creation, service provisioning, and customized integration with Iran's Legal Intercept system, a component for conducting usage surveillance and control activity.

Internal MISP references

UUID 1c8ad4c2-ad55-4bfd-b5ba-427cd23b27d9 which can be used as unique global reference for PortaOne in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.portaone.com/']

Positive Technologies

Positive Technologies is a Russian cybersecurity firm valued at over $1 billion, and which is reportedly involved in surveillance and spyware activities. The company provides network security solutions to businesses, governments, and international clients, while collaborating with Russian intelligence agencies like the FSB and GRU. In 2023, Russia's digital ministry, along with major local tech companies including Positive Technologies, met with Iran’s communications and technology ministry to discuss exporting Russian technology to Iran.

Internal MISP references

UUID 0ba633f5-5804-45af-b7ec-7b10104a536f which can be used as unique global reference for Positive Technologies in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.ptsecurity.com/ru-ru/', 'https://global.ptsecurity.com/en/', 'https://www.ptsecurity.com/']

PowerSchool

PowerSchool is a provider of educational technology that collects and analyzes data on over 45 million K-12 students, representing 75% of students in North Africa. The company gathers extensive information, including demographic details, citizenship status, religious affiliation, disciplinary records, medical diagnoses, and family structure. This data is used to power predictive analytics, such as risk-scoring algorithms that assess student success based on factors like family wealth. PowerSchool's acquisitions, including Naviance, Kickboard, and Hoonuit, have expanded its reach into areas like college preparation, behavioral tracking, predictive risk scoring, and additional forms of student monitoring and surveillance.

In October 2024, PowerSchool was acquired by Bain Capital in a $5.6 billion deal.

Internal MISP references

UUID 1427e875-8473-4456-a1ba-aa6778443905 which can be used as unique global reference for PowerSchool in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.powerschool.com/']

Predicio

Predicio is a France-based company and provider of location data tracking and analytics. It collects granular location data by paying app developers for access to user data through its software development kit (SDK) called "Telescope." This data is then sold to various clients, including government agencies and private organizations. Reports indicate that Predicio's data has been part of a supply chain used by contractors working with U.S government contractors that service U.S. Immigration and Customs Enforcement (ICE) and the FBI.

Internal MISP references

UUID 083e2d73-61e3-469d-86b8-d0fe7301394d which can be used as unique global reference for Predicio in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

Prelysis

Prelysis provides Wi-Fi interception systems for surveillance purposes. Based in Israel, it also has a presence in Cyprus, where they have obtained export licenses for the sale of their monitoring tools to non-EU countries. It is headed by Israeli citizen Kobi Naveh, who worked for worked for the Israeli company Verint until 2014. Verint is also the company that acquired the Cyprus-registered surveillance company UTX Technologies. Bangladesh’s internal intelligence agency, or NSI, bought a system for intercepting Wi-Fi communications from the company.

Internal MISP references

UUID 3f3fc823-de48-4857-8584-c8d0687716dc which can be used as unique global reference for Prelysis in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.prelysis.com/']

Presight AI

Presight AI is a spun-off arm of the Abu Dhabi firm G42, overseen by the UAE's powerful national security adviser. It supports the UAE's controversial mass surveillance activities. Presight’s marketing material describes the company’s system as having "tracked and traced millions of people and vehicles easily." The company sells surveillance technology to police forces worldwide, including software nearly identical to products popular with police agencies in China.

Internal MISP references

UUID 4519ac88-5843-4b3d-9acb-ce07d6f875f6 which can be used as unique global reference for Presight AI in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.presight.ai/']

Primer

Primer is a military-focused artificial intelligence company designed to support the "next-generation warfighter." It develops advanced AI solutions for mission planning, asset tracking, intelligence operations, and real-time threat detection. Its technology is capable of analyzing and synthesizing data from both classified and public sources, including surveillance, social media, and news outlets, to provide detailed intelligence for defense operations.

Primer is partnered with Palantir, a leading data analytics company, through Palantir's FedStart program. The program by Palantir offers a platform that allows companies, particularly startups, to quickly deploy their software to the US federal government and its various agencies with minimal compliance requirements.

The company's federal advisory board members include Sue Gordon, former principal deputy of national intelligence, Collin Green, a retired U.S. Navy vice admiral, and Daniel Simpson, a retired U.S. Air Force major general who was also assistant deputy chief of staff for intelligence, surveillance and reconnaissance.

Internal MISP references

UUID 0c12b6a8-cf49-4e61-8846-4fb8d631785d which can be used as unique global reference for Primer in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://primer.ai/']

PRO4SEC

PRO4SEC is a Croatia-based manufacturer that provides covert surveillance technologies tailored for military, federal, and national intelligence operations. The company uses Surface-Mount Device (SMD) technology for their surveillance equipment. PRO4SEC operates exclusively through government-certified resellers and claims to have 41 resellers across 58 countries.

Internal MISP references

UUID 9f15fe20-09aa-4f81-8503-0dac1da33a8b which can be used as unique global reference for PRO4SEC in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://pro4sec.com/']

Procera Networks

Procera Networks was a U.S.-based company that developed deep packet inspection (DPI) technology, which can be used for internet traffic management, censorship, and surveillance purposes. Procera's technology was also allegedly used for surveillance and censorship purposes in countries with authoritarian regimes, including Bahrain, Kuwait, Turkey, Syria and Egypt. In 2015, Procera Networks was acquired by Francisco Partners, a private equity firm, and merged with Sandvine. It now operates under that brand.

Internal MISP references

UUID 8ac7dd66-22a0-411a-82fa-8bb7f1b02225 which can be used as unique global reference for Procera Networks in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

Protect Electronic Systems

Protect Electronic Systems is a company based in the United Arab Emirates. It is one of the spyware firms detected by Google and Meta, and the company claims to be a cybersecurity firm but works with Variston, another spyware vendor, to package its spyware into products sold to government customers.

Internal MISP references

UUID e949d56c-acad-49c7-9869-2844bdabd969 which can be used as unique global reference for Protect Electronic Systems in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.protected.ae/']

Protei

Protei is a Russia-based company that offers an extensive suite of telecommunications technologies with significant surveillance capabilities, enabling the monitoring of user communications, locations, and behaviors. Protei equipment is used by a range of telecom companies worldwide for logging internet usage as well as for blocking websites. It also offers "Smart City" related technologies for mass surveillance purposes. The company has offices in Jordan and Estonia and partners with major firms including Nokia and Oracle.

Internal MISP references

UUID e8215acb-be6c-431d-86b0-c079e03c8b5f which can be used as unique global reference for Protei in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.protei.me/']

Pwnzen Infotech

Pwnzen Infotech, a company backed by cybersecurity giant Qihoo 360, is a prominent player in China's growing surveillance technology industry. At the China International Exhibition on Police Equipment, Pwnzen showcased its advanced phone scanning systems, emphasizing their ability to extract data from overseas platforms like Facebook and Twitter. A representative highlighted a case where their technology was used to access the phone of a suspect accused of "subverting the government," retrieving data from social media accounts. They also operate in Singapore via their Singaporean subsidiary, Pwnzen Technology, under the leadership of Thomas Lim, who also works for surveillance company COSEINC, which was sanctioned by the U.S in 2021.

Internal MISP references

UUID 1ac40c50-4844-4f12-8789-2df5cf33d2c2 which can be used as unique global reference for Pwnzen Infotech in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

Q Cyber Technologies

Q Cyber Technologies SARL is one of the entities affiliated with NSO Group, an Israeli-based company that sells Pegasus, one of the world’s most sophisticated hacking tools, to governments and law enforcement agencies. The abuses were detailed in the Pegasus Project, a collaborative investigation by media organizations and Amnesty International revealing widespread misuse of Pegasus in multiple countries, targeting thousands of individuals. Q Cyber Technologies signs contracts, issues invoices, and receives payments from NSO Group customers.

Internal MISP references

UUID 58bf11fb-cb32-4950-826b-e9b9d5793bc9 which can be used as unique global reference for Q Cyber Technologies in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

QinetiQ

QinetiQ provides advanced communications and surveillance systems including high quality still and video photography, infra-red sensors, heat and movement detection, radar systems and LiDAR. The company can also manage the extraction, analysis and relay of data gathered through their Intelligence, Surveillance and Reconnaissance (ISR) operations.

Internal MISP references

UUID 582dc57e-ef24-4f1a-a28a-636410718286 which can be used as unique global reference for QinetiQ in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.qinetiq.com/']

Qosmos

Qosmos was a French technology company that developed Deep Packet Inspection (DPI) software. It has faced significant scrutiny for reportedly supplying surveillance tools to oppressive regimes, including Bashar al-Assad's government in Syria, confirmed by several investigations. The company's software is capable of monitoring internet traffic, which can be used to track dissidents and suppress opposition.

In 2012, French authorities opened a judicial investigation into Qosmos for its potential complicity in crimes against humanity. The company denied selling its products directly to the Assad government but faced accusations of indirectly enabling surveillance through intermediaries. Advocacy groups and human rights organizations have criticized Qosmos for failing to ensure its technology was not misused.

In 2016, it was acquired by Swedish company ENEA.

Internal MISP references

UUID 3c7d0d30-18b1-4d6e-b5f5-74633d29ab6c which can be used as unique global reference for Qosmos in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.qosmos.com']

QuaDream

QuaDream Ltd is an Israeli company that specialises in the development and sale of advanced digital offensive technology to government clients. The company is best known for its spyware marketed under the name “Reign”, which, like NSO Group’s Pegasus spyware, reportedly utilises zero-click exploits to hack into target devices. It was founded in 2014 by a group including two former NSO Group employees, Guy Geva, and Nimrod Reznik. In 2017, a company named InReach was established in Cyprus specifically to promote QuaDream products, such as Reign, outside of Israel. QuaDream utilized InReach to sell its products to its customers in order to bypass Israeli export controls. Many key employees of both InReach and QuaDream have previously worked for NSO Group, Verint, and UTX Technologies.

Internal MISP references

UUID bd4ce675-67af-44ec-bbb9-588d5b730770 which can be used as unique global reference for QuaDream in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

Raedarius M8 Sdn Bhd

Raedarius M8 Sdn Bhd has been identified as one of the entities involved in the distribution and operation of FinFisher spyware in Indonesia for monitoring and surveillance purposes within the country. Amnesty International linked the entity to FinFisher by reviewing extracts of corporate records from company registers in Malaysia and Germany. Raedarius M8 in Malaysia is wholly owned by German Raedarius M8 GmbH.

Internal MISP references

UUID f4928c71-ae67-43a1-937d-97517ce49221 which can be used as unique global reference for Raedarius M8 Sdn Bhd in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

Rank One Computing

Rank One Computing (ROC) is a U.S.-based provider of facial recognition and multimodal biometric technologies, used by government, defense, and law enforcement agencies. Capabilities of their products include facial recognition, fingerprint, and iris recognition, alongside AI-driven video analytics. They also provide license plate recognition tools. The company has been linked to bias and errors in facial recognition, with studies showing higher error rates for individuals with darker skin tones.

Internal MISP references

UUID ea4762d7-7c8e-4046-9587-91e6694311d4 which can be used as unique global reference for Rank One Computing in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://roc.ai/']

Raviraj Technologies

Raviraj Technologies is an Indian company based in Pune that develops and distributes RFID and biometric technology to a range of countries worldwide. Its products include facial recognition software, fingerprint and palm vein scanners and iris recognition systems.

Internal MISP references

UUID 98a379df-4211-4b76-952f-24ba3f18c4ff which can be used as unique global reference for Raviraj Technologies in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.ravirajtech.com/']

RealNetworks

RealNetworks is a technology company that has developed facial recognition software designed for integration with autonomous drones. This technology, named Secure Accurate Facial Recognition (SAFR), is designed to enable real-time identification of individuals from aerial footage. It has been contracted by the U.S. Department of Defense.

SAFR is marketed globally and the company has international offices in Austria, Japan, Croatia, South Korea, United Arab Emirates, India, Indonesia, Australia, Portugal and Brazil.

Internal MISP references

UUID e940f290-e4bb-43cb-904c-22e108ecbbd3 which can be used as unique global reference for RealNetworks in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://realnetworks.com/']

Rebsec Solutions

Rebsec Solutions is a "hack-for-hire" group targeting sectors like government, healthcare, and telecom in countries such as Saudi Arabia, the UAE, and Bahrain. Their campaigns reportedly involve spear-phishing and credential-stealing tactics. Google identified Rebsec Solutions as part of a group conducting malicious campaigns against targeted individuals.

Internal MISP references

UUID f7d9e1b7-7f34-4981-9a29-b59f04c53f9a which can be used as unique global reference for Rebsec Solutions in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://rebsec.com/']

RedEye

RedEye, based in Ankara, Turkey, develops a range of surveillance products, including IMSI catchers. Acquired in 2021, RedEye's technologies were integrated into Pavo Group's subsidiary, Interdata, also a developer and distributor of surveillance and intelligence tools. RedEye has clients in Malaysia, where its technologies are used for surveillance purposes by the Malaysian intelligence services.

Internal MISP references

UUID 478caa19-a172-40e4-a933-1f29d1deb56a which can be used as unique global reference for RedEye in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://red3eye.com/']

Rekor

Rekor is a developer of license plate recognition (LPR) technology, which can identify and track vehicles in real time, as well as broader data intelligence platforms that integrate with surveillance networks. Rekor's tools are capable of analyzing large amounts of data, identifying patterns, and providing actionable insights for law enforcement, government agencies, and private organizations.

Rekor also runs the Rekor Public Safety Network, an opt-in program aggregating vehicle location data from customers across the United States.

Internal MISP references

UUID 6d2b9581-8d23-4ab0-bcc6-68e6f709b053 which can be used as unique global reference for Rekor in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.rekor.ai/']

Reliance Jio

Reliance Jio is an Indian telecommunications and digital services company, and a subsidiary of Reliance Industries Limited. JioThings Limited, a subsidiary of Jio Platforms, has partnered with Indian Railways to deploy AI-powered cameras at Pune station. These cameras are capable of recognizing "blacklisted" individuals and analyzing visitor data.

Israeli company Septier has provided interception and surveillance technologies to Reliance Jio. These systems enable the extraction of voice, messaging, web browsing, and email data, with the ability to also leverage AI for data analysis.

Reliance Jio has also partnered with Guavus, a subsidiary of the French defense company Thales, to employ artificial intelligence for analyzing the vast amounts of data generated daily by its user base.

Internal MISP references

UUID 76d0d91a-6095-4c42-a4c1-09fb93235747 which can be used as unique global reference for Reliance Jio in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.jio.com/']

RemoteDesk

RemoteDesk is an AI-powered remote workforce surveillance platform that combines facial recognition with continuous activity monitoring. The system uses AI-driven face scans to verify worker presence and identity, while also tracking keystrokes, messages, and behavioral patterns. It captures automated screenshots and webcam recordings, preserving them as “evidence” for each employee. In practice, RemoteDesk constantly monitors the screen and camera, scanning and recording for "suspicious" activity, tracking nearly everything a worker types, says, does, or looks at.

Internal MISP references

UUID c18436f2-c201-4b51-98a3-86cabfcc98d2 which can be used as unique global reference for RemoteDesk in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://remotedesk.com/']

Resonant

Resonant Ltd. is a technology provider in China whose tools have been used for surveillance purposes, particularly in regions like East Turkistan (renamed Xinjiang by China.) The company supplies forensic tools capable of extracting extensive data from smartphones, including passwords, call histories, messages, multimedia files, and app data. These tools are used by Chinese authorities to monitor individuals' digital activities, including accessing data from international platforms like WhatsApp, Facebook, and Twitter.

Resonant Ltd. was formerly known as Ryan Technologies, a US-based company specializing in distributing forensic, security, and law enforcement products in China. It rebranded as Resonant Ltd. and operates through subsidiaries like Beijing Ryan Wende Science and Technology and Beijing Ryan Huade Science and Technology in China.

It has partnered with numerous US-based and international companies, including Thermo Fisher Scientific, Logicube, and REI (Research Electronics International), to distribute their products in Chin

Internal MISP references

UUID 2911cb03-fe39-4b1c-bc8b-2f69f4854a8c which can be used as unique global reference for Resonant in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.resonantltd.com/']

Reveal Media

Reveal Media is a UK-based surveillance technology company specializing in body-worn cameras, including models equipped with live facial recognition capabilities. Their devices are used by several UK police forces, including British Transport Police, South Wales Police, and Leicestershire Police, offering real-time biometric identification.

The K-Series cameras utilize features like "Face Match," which allows the device to compare faces captured during patrols against a pre-configured watchlist. If a match is found, the system can trigger alerts or initiate specific actions, such as recording or streaming. Reveal Media's DEMS 360 evidence management software includes a "Face Search" function. This tool enables users to search for matching faces within uploaded images and videos.

Internal MISP references

UUID efd3f276-acbb-4959-a862-cc5d3ff48468 which can be used as unique global reference for Reveal Media in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.revealmedia.com/']

Revector

Revector is a UK-based company that develops mobile surveillance products, including IMSI catcher technology. Revector's Detector IMSI Catcher UAV 3.0 is a compact payload for UAVs that enables the detection, tracking, and control of 2G, 3G, and 4G mobile phones. Their IMSI catcher technology also comes in covert, portable, and vehicle-mounted configurations. In addition to IMSI catchers, Revector develops Wi-Fi catchers that identify devices by detecting their interactions with Wi-Fi networks.

According to the company's official website, Revector's surveillance technologies have been deployed in over 100 countries worldwide since 2002.

Internal MISP references

UUID ffd4cd19-f288-4129-ac09-c784861ca8ec which can be used as unique global reference for Revector in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.revector.com/']

Roboteam

Roboteam is an Israeli company specializing in the development and manufacturing of tactical ground robotic systems, primarily used for surveillance in urban environments. These systems are designed for a variety of applications, including military and law enforcement. Its products, such as Probot and MTGR (Micro Tactical Ground Robot), are equipped with high-resolution cameras, thermal imaging and other sensors to perform surveillance and provide the data to its operators, who can make real-time decisions based on the intelligence gathered. Elbit Systems is one of its shareholders. In June, 2024, Roboteam entered an agreement with Psagot, a prominent investment management firm based in Israel, to buy all of the company's shares.

Internal MISP references

UUID ac9e1c28-8778-411c-94f3-551b5f991a57 which can be used as unique global reference for Roboteam in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://robo-team.com/']

Robotican

Robotican develops unmanned autonomous robots. One of its primary products, Rooster, is a versatile robotic drone utilized by the Israeli military in Gaza for intelligence gathering and surveillance. Additionally, it has gained adoption by various militaries worldwide for similar applications. Its Gallo system, designed for reconnaissance in confined spaces such as tunnels and buildings, has been delivered to the U.S. Special Operations Command (USSOCOM). It features advanced MESH communication for simultaneous operation of multiple units in communication-denied environments.

Internal MISP references

UUID d78f97f8-9d26-4098-929b-02549cdd3e6b which can be used as unique global reference for Robotican in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://robotican.net/']

Rohde & Schwarz

Rohde & Schwarz is a prominent German electronics company established in 1933. In 1996, the company introduced its first International Mobile Subscriber Identity (IMSI) catcher, a device used to intercept mobile phone communications by mimicking a legitimate cell tower to capture IMSI numbers and other data from nearby devices. Since then, it has continued to develop advanced surveillance tools, including systems capable of intercepting calls, identifying devices through their International Mobile Equipment Identity (IMEI), and supporting government and defense agencies with SIGINT (Signals Intelligence) and electronic warfare products.

Internal MISP references

UUID 1ca6fc61-cf64-453f-81f2-b3f8094d52e3 which can be used as unique global reference for Rohde & Schwarz in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.rohde-schwarz.com/', 'https://www.rohde-schwarz.com/us/home_48230.html']

Root Networks

Root Networks (RN) is an Israeli company that developed systems capable of infiltrating local area networks (LANs) and intercepting communications without requiring cooperation from telecom operators. This capability enables intelligence services to conduct long-term surveillance and execute Man-in-the-Middle attacks to access encrypted communications. Captured data is redirected via VPN tunnels for detailed analysis.

RN's technology exploits vulnerabilities in router firmware to gain remote access. By mapping and infiltrating vulnerable routers, the company establishes its own interception network, independent of traditional operators. This network allows RN to monitor target devices, such as smartphones and computers, and deploy spyware for further surveillance.

Root Networks was founded by Avi Yarim, a former Rayzone Group specialist, and was led by CTO Shahar Mor, an ex-cybersecurity researcher at Verint. The company shares investors with Rayzone Group, including prominent figures like Yohai Ben-Zakai, a former deputy commander of Unit 8200, and businessman Eran Reshef.

Internal MISP references

UUID e42b3b5c-89c0-46a0-a587-f41b0ea1f64e which can be used as unique global reference for Root Networks in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.root-nt.com/']

Rostelecom

Rostelecom is one of the largest providers of Russia's telecommunications infrastructure. It offers services such as broadband internet, mobile telephony, IPTV, and cybersecurity solutions. As a state-owned enterprise, Rostelecom primarily services government sectors. Apart from cloud-based video surveillance systems, the company also deploys Deep Packet Inspection (DPI) technology.

Rostelecom is a SORM (System for Operative Investigative Activities) provider, facilitating state surveillance by enabling Russian authorities to monitor communications.

Internal MISP references

UUID 50620d64-7958-484f-aa0d-a1e5bba0a455 which can be used as unique global reference for Rostelecom in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.company.rt.ru/en/', 'https://www.company.rt.ru/']

RT LTA Systems

RT LTA Systems Ltd. is an Israeli company that designs and builds tethered surveillance balloons called SkyStar aerostats. Besides making the balloons, the firm trains operators and supplies spare parts and technical help. It is used by the Israeli police and military, and was deployed by the Municipality of Jerusalem to spot protests. The company's founder and CEO, Rami Shmueli, previously served as the head of the aerostats department in the IDF's 8200 unit. The company's American subsidiary is RT Aerostat Systems, Inc., which is based in Texas.

Internal MISP references

UUID 0ec9679c-5e04-4fb4-a839-7805a3fbcbc5 which can be used as unique global reference for RT LTA Systems in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.rt.co.il/', 'https://www.rtaerostat.com/']

S2T Unlocking Cyberspace

S2T provides AI-powered surveillance technologies. According to Haaretz: "S2T was founded in 2002 by entrepreneur Ori Sasson. It claims to have dozens of clients across five continents and employs people from intelligence agencies in the U.K., the U.S., Russia and Israel, as well as local law enforcement in the Middle East, South and Central America and Asia."

According to an investigation by Forbidden Stories, the company KS Process and Software Ltd., shares at least one address and phone number with S2T.

Internal MISP references

UUID ea635ecd-8564-41c2-8e47-88dfcbf06a5a which can be used as unique global reference for S2T Unlocking Cyberspace in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.s2t.ai/']

SafeGraph

SafeGraph is a data broker known for collecting and selling aggregated location data derived from mobile apps. The company has faced significant criticism for selling data related to visits to sensitive locations, such as abortion clinics, including Planned Parenthood facilities. This data, marketed under its "Patterns" product, tracks where visitors come from, how long they stay, and where they go afterward.

In addition to its commercial ventures, SafeGraph has expanded its operations into government and military contracts. Notably, it secured a contract with the U.S. Air Force to provide data for purposes such as analyzing human activity for military operations. The company also markets its data for monitoring "adversaries" and supporting intelligence initiatives.

SafeGraph's investors include In-Q-Tel, the VC arm of the CIA, Peter Thiel and the former head of Saudi intelligence.

Internal MISP references

UUID 9f009383-7cee-4d75-9521-51eb9871d55d which can be used as unique global reference for SafeGraph in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.safegraph.com/']

safeXai

safeXai is the entity that has quietly resumed the operations of Banjo, a digital surveillance company whose founder, Damien Patton, was a former Ku Klux Klan member who’d participated in a 1990 drive-by shooting of a synagogue near Nashville, Tennessee. Banjo developed real-time surveillance technology that monitored social media, traffic cameras, satellites, and other sources to detect and report on events as they unfolded. In Utah, Banjo's technology was used by law enforcement agencies.

Internal MISP references

UUID f7d165a5-5b32-4ddd-9ff7-41a360631b45 which can be used as unique global reference for safeXai in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.safex.ai/']

SalvationDATA

SalvationDATA, which also operates under the name XLY Technology, is a Chinese company that develops digital forensics and data recovery technologies, providing tools primarily for law enforcement and intelligence agencies. The company's products are able to extract, analyze, and recover data from various digital devices, including mobile phones, computers, and storage systems.

SalvationDATA has established partnerships with security and intelligence agencies in multiple countries, including Myanmar, where it has provided forensic systems to assist in data analysis and surveillance operations.

Internal MISP references

UUID 80357900-75da-4731-a7b6-7892e9ec76db which can be used as unique global reference for SalvationDATA in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.salvationdata.com/']

Sandvine Inc

Sandvine was originally founded in 2001 as Procera Networks, a company that developed deep packet inspection (DPI) technology for network. Procera Networks was a U.S.-based company that developed deep packet inspection (DPI) technology, which can be used for internet traffic management, censorship, and surveillance purposes. Procera's technology was also allegedly used for surveillance and censorship purposes in countries with authoritarian regimes, including Bahrain, Kuwait, Turkey, Syria and Egypt. Sandvine was acquired by Francisco Partners' affiliate and merged with Procera Networks. In February, 2024, the U.S. Commerce Department (DOC) added Sandvine to its Entity List, restricting its access to U.S. technology, specifically because it provided Egypt with surveillance technology used to target activists and dissidents. The DOC removed Sandvine from the Entity List in October, 2024, after the company promised to "undergo transformative changes."

The company has since rebranded to AppLogic Networks.

Internal MISP references

UUID ef479896-19a1-40e6-83a3-5ed8cc1f90e0 which can be used as unique global reference for Sandvine Inc in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.sandvine.com']

SCL Group

The SCL Group, formerly known as Strategic Communication Laboratories, gained notoriety primarily through its subsidiary, Cambridge Analytica. SCL Group and Cambridge Analytica were involved in various activities related to data collection, unauthorized access to personal data, and influence/manipulation campaigns. The data was collected from Facebook through an app called thisisyourdigitallife.

Internal MISP references

UUID 6ee5fed5-2e16-41ba-937f-e27abe0a67ea which can be used as unique global reference for SCL Group in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

Scylla

Scylla is an AI-powered surveillance system that claims to be capable of detecting and classifying human features and behaviors in real time. It has been tested by the U.S. Department of Defense at military installations.

Scylla's surveillance products are used by a variety of industries beyond the military. These include private security companies, corporate facilities, retail businesses, educational institutions, and public venues like stadiums and airports.

Internal MISP references

UUID e1d0ad75-b37b-431a-8e4b-76f2d6fb2ed3 which can be used as unique global reference for Scylla in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.scylla.ai/']

SearchInform

As a SORM provider, SearchInform enables the Russian authorities to monitor, intercept, and analyze communications data including phone conversations, emails, and text messages transmitted across Russian networks. The company possesses special authorization to sell and implement SORM surveillance technology under license from the Federal Security Service (FSB) of Russia.

In 2019, the company announced the development of ProfileCenter, a psychological surveillance software that monitors and analyzes all employee communications in real-time. The system builds psychological profiles of employees based on their communications, assessing motivation levels, ideological beliefs, and loyalty metrics. The technology can detect criticism of a company, and monitors emails, social media platforms, and messaging services.

Founded in 1995 as SoftInform, it rebranded to SearchInform in 2009 and is headquartered in Moscow.

Internal MISP references

UUID 7da629fc-e30d-41f7-b710-69dbc4eaf058 which can be used as unique global reference for SearchInform in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://searchinform.com/']

Semptian

Semptian, a Chinese company, manufactures surveillance tools used by authoritarian governments across the Middle East and North Africa. These tools, including the Aegis system, Owlet, Falcon, and HawkEye, enable extensive monitoring of citizens' digital activities and communications. Its technologies are also capable of intercepting emails, such as Gmail (through a tool called Gmail Retriever), and analyzing vast amounts of data for surveillance purposes. They also develop GSM geo-location tools and the POMS (Public Opinion Monitoring System) platform for social media monitoring.

Semptian collaborates with American companies like IBM and Xilinx to enhance its surveillance capabilities, despite concerns over human rights abuses in the regions where its technology is deployed. The company's devices intercept phone calls, texts, and internet usage.

Headquartered in Shenzhen, the company is led by its founder Chen Longsen, also known as George Chen, who previously served as the director of the local branch of the American cryptography and computer security company SafeNet.

Internal MISP references

UUID 48d8f2ed-5930-4c61-be66-2766f34057fc which can be used as unique global reference for Semptian in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.semptian.com/']

Senao Networks

Senao Networks, based in Taiwan, is a developer of AI and cloud based surveillance products. The company claims to combine edge-to-cloud AI processing with advanced contextual recognition capabilities, as well as the ability to detect and classify people and vehicles with detailed attributes like clothing color, facial recognition, and license plate identification.

Internal MISP references

UUID 61ea818b-474b-4880-9d62-d1e18590b8ba which can be used as unique global reference for Senao Networks in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.senaonetworks.com/en/', 'https://www.senaonetworks.com/']

SenseNets

SenseNets, a Chinese company that provides facial recognition software and video-based crowd analysis, is heavily involved in surveillance activities, particularly in East Turkistan (renamed Xinjiang by China.) The company operates a massive database that has been used to monitor the Uyghur population.

In 2019, Victor Gevers, a Dutch security researcher, discovered that SenseNets had left a database exposed online without authentication. This database contained sensitive personal information on over 2.5 million individuals, including names, ID card details, home addresses, photos, and GPS tracking data. The system actively recorded millions of GPS coordinates daily, tracking individuals' movements across locations such as mosques, hotels, police stations, and restaurants. The database also included information on public camera locations, suggesting integration with government surveillance infrastructure.

SenseNets is part of China's Skynet Project, a national mass surveillance system. The company also has connections to prominent AI researchers and institutions, such as the Chinese University of Hong Kong, as well as other major Chinese surveillance firms like SenseTime and Hikvision.

Internal MISP references

UUID 9fe9e8ed-94bf-4705-b12b-fc4e21054109 which can be used as unique global reference for SenseNets in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

SenseTime

SenseTime is a leading Chinese AI company specializing in facial recognition and computer vision technologies. Their advanced algorithms enable real-time detection of faces and objects. It has been under scrutiny for its role in Uyghur surveillance.

Internal MISP references

UUID 2eea1c81-cb8b-442c-9c38-eea36fd6bcca which can be used as unique global reference for SenseTime in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.sensetime.com/']

Senstar Technologies Corp

Formerly known as formerly known as Magal Security Systems Ltd, Senstar Technologies incorporates analytics software and fiber optic sensing into a suite of surveillance solutions, enabling functionalities like facial recognition, license plate recognition, object tracking, and behavior analysis. They have reportedly sold surveillance equipment to over 100 countries worldwide. In 2021, the company completed the sale of their Integration Solution Division to Aeronautics Ltd., a subsidiary of Israeli defense technology company Rafael Advanced Defense Systems Ltd. As part of the acquisition, Aeronautics acquired Senstar's facility in Yehud, Israel. They have development and manufacturing facilities located in Canada, and sales and support offices in the US, EMEA, China, and APAC regions.

Internal MISP references

UUID 5dd0d0c6-180f-4ab2-8946-4f866f7414ef which can be used as unique global reference for Senstar Technologies Corp in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://senstar.com/']

Sentrillion

Sentrillion is a U.S. systems integrator that develops, installs, and maintains integrated surveillance technologies primarily for border control. Its portfolio includes video and audio surveillance, intrusion-detection sensors, facial recognition software and perimeter barriers such as gates and bollards. The company has been a technology partner to U.S. Customs and Border Protection (CBP) for more than 15 years, supplying and servicing surveillance networks along land borders, seaports, and airports.

In 2024, CBP has awarded Sentrillion nine contracts totaling $36.7m to expand camera-based monitoring and biometric verification systems.

Internal MISP references

UUID 6461329a-82fd-46a0-8c97-c327f79002c3 which can be used as unique global reference for Sentrillion in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://sentrillion.com/']

Sergek

Sergek is a surveillance and smart city platform developed in Kazakhstan. It integrates a network of cameras and sensors with data analysis tools to monitor people, traffic and assist law enforcement. The system is capable of facial recognition, tracking vehicles, and analyzing human mobility patterns in real time. Its adoption has drawn international attention, with countries like Indonesia exploring its capabilities for potential implementation for surveillance purposes.

The management of Sergek's surveillance network in Astana has been handed over to a UAE-based company, Presight, which supports the UAE's controversial mass surveillance activities.

Internal MISP references

UUID 027d9e70-fd2d-4c95-ba27-3d56804f00c0 which can be used as unique global reference for Sergek in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://sergek.tech/']

ShadowDragon

ShadowDragon is a company that develops surveillance software that can identify aliases and collect personal data from various online sources in minutes. It is known to be used by the Polk County Sheriff's Department in Des Moines, Iowa as well as Michigan police departments, the Massachusetts State Police and other police departments throughout the U.S. It is also a contractor for the US government, including for the Immigration and Customs Enforcement (ICE.)

Its SocialNet tool enables government agencies to access and analyze publicly available data from over 200 websites, apps, and social networks. These include major platforms like Meta (Facebook, Instagram, Threads), TikTok, Telegram, Bluesky, Discord, and niche sites such as BeReal, FetLife, and Chess.com. SocialNet allows clients to input various identifiers (e.g., email, alias, or phone number) to uncover connections, map activities, and track individuals' digital footprints. The tool is marketed as capable of identifying relationships, interests, and physical locations. Its other products include OIMonitor, MalNet, Spotter, and Horizon.

Internal MISP references

UUID 55cc4092-f7eb-4dfb-bb46-df0ff14a4db2 which can be used as unique global reference for ShadowDragon in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://shadowdragon.io/']

Shield AI

Shield AI develops AI-powered drones for intelligence gathering and surveillance in military operations. Its products include battlefield drone swarms, unmanned aircraft like the V-BAT, and advanced AI systems such as Hivemind, which enable autonomous mission execution across air, land, and sea with intelligence, surveillance, and reconnaissance (ISR) capabilities. In July 2024, Shield AI's V-BAT secured a $198 million contract with the U.S. Coast Guard. It has also partnered with companies like Haivision and Sentient Vision Systems to enhance full-motion video AI object detection and wide-area surveillance with ViDAR technology.

Israel uses its self-piloting drones in Gaza.

Internal MISP references

UUID 53dbd20b-178f-4b27-8111-b8b4cef6c12a which can be used as unique global reference for Shield AI in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://shield.ai/']

Shoghi Communications

Shoghi, an Indian cyberintelligence firm founded by Harish Gupta, rose to prominence in the late 2000s under the leadership of Anant Bindal, a businessman from a powerful family in India. The company secured a large $200 million contract to supply India's external intelligence agency, the Research and Analysis Wing (R&AW), with advanced interception technologies, including IMSI-catchers and COMINT tools.

The company became internationally recognized when it was named in WikiLeaks' "Spy Files" as part of a global surveillance industry catering to governments and intelligence agencies.

Bindal later relocated to the UAE, where he founded Stratign, a Dubai-based firm that mirrors Shoghi's model of distributing and integrating interception solutions sourced from other companies.

Internal MISP references

UUID 15c6006b-5ef5-4da0-b27b-661752577a59 which can be used as unique global reference for Shoghi Communications in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.shoghicom.com/']

Signatek

Signatek is a Russian company that provides SORM (System for Operative Investigative Activities) equipment, which is used for state surveillance and interception of communications.

The company has supplied this technology to Kyrgyzstan, enabling the government to monitor and control communications within its borders. SORM systems are part of Russia's broader strategy of exporting surveillance technologies to neighboring countries, often aligning with authoritarian practices of information control. It markets SORM systems under the brand name “Visir (“Визирь).

Internal MISP references

UUID c4091757-f092-4760-b2b2-9266b2aeee6d which can be used as unique global reference for Signatek in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://signatec.ru/']

Silicon Forensics

Silicon Forensics provides digital forensics and surveillance tools used by law enforcement, military, and enterprise security teams to extract and analyze data from digital devices. Their products include tools like Hancom MD-LIVE, which enables rapid data acquisition from smartphones. They also distribute Tableau hardware for write-blocked data acquisition. Additionally, Silicon Forensics supplies password recovery and decryption tools, chip-off and JTAG extraction systems, and cloud forensics kits. These tools are used to bypass device locks, recover deleted content, extract data from encrypted sources, and monitor communication platforms.

Internal MISP references

UUID 64e02b9e-9281-4221-aa52-10b43ca78910 which can be used as unique global reference for Silicon Forensics in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://siliconforensics.com/']

SimilarWeb

Founded in Tel Aviv in 2007, SimilarWeb acquired the popular browser extension Stylish in 2017 and added spyware that collected the browsing history and personal information of its users.

Internal MISP references

UUID 1a677423-a947-437a-b0b9-64cce3c48309 which can be used as unique global reference for SimilarWeb in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

Sinovatio

Sinovatio is a Chinese company that develops and deploys various surveillance technologies. The company creates high-tech solutions for video surveillance, facial recognition, and AI-powered monitoring systems, including incorporating AI to enhance the capabilities of traditional CCTV networks.

Internal MISP references

UUID 77212630-32ec-4168-8a83-281385aeaca9 which can be used as unique global reference for Sinovatio in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.sinovatio.com/']

SIO

SIO is an Italian spyware company that distributes malicious Android apps designed to steal private user data. The spyware, known as "Spyrtacus," was used to target individuals by masquerading as legitimate applications, like WhatsApp.

Internal MISP references

UUID 2cbe733e-cd7b-4c53-a41e-e4aafefc5f2c which can be used as unique global reference for SIO in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.siospa.it/']

Sirchie

Sirchie is a developer of surveillance products used by law enforcement and government agencies in over 140 countries. The company's surveillance gear is often sold through direct contracts with police departments, border control units, and military agencies, particularly in the U.S., Latin America, the Middle East, and parts of Europe and Asia. The company's international reach and export of surveillance technologies are also supported by U.S. government agencies, including through grants and law enforcement aid programs.

Its products include surveillance vehicles, portable video surveillance systems, hidden audio and video recording devices, license plate recognition systems, mobile device forensics, and GPS-based tracking and monitoring tools.

Internal MISP references

UUID b5ea1085-80d8-4ad1-8ea8-07e99595958d which can be used as unique global reference for Sirchie in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.sirchie.com/']

Skopenow

Skopenow is a surveillance and investigative tool that aggregates publicly available data from social media platforms, websites, and other online sources to create detailed profiles of individuals. It is designed to assist law enforcement, private investigators, and corporate security teams in identifying, tracking, and analyzing individuals' online activities. The platform automates the process of collecting and organizing information, such as social media posts, photos, connections, and public records, with the primary purpose of profiling and monitoring targets. Its AI capabilities allow it to identify patterns, connections, and relationships between individuals, as well as extract relevant insights from unstructured data like images, videos, and text.

Skopenow is commonly used by police departments.

Internal MISP references

UUID f97b1d22-28a8-469a-96f5-6cd26c2c27a0 which can be used as unique global reference for Skopenow in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.skopenow.com/']

Skydio

Skydio, founded in 2014, is a U.S. drone manufacturer and developer of autonomous flight technology. The company develops and distributes in AI-powered drones equipped with autonomous capabilities and computer vision systems. Since launching their R1 drone in 2018, Skydio has served over 1,200 enterprise customers including every branch of the U.S. military.

Skydio became the first U.S. drone company to reach a $1 billion valuation, generating over $100 million in annual revenue in 2023, with 30% coming from software solutions. The company has a local office in Israel and sells its drones to the Israeli military. The Israeli company DefenSync is its authorized partner in Israel.

Based on a report by Theia Chatelle, the Yale Police Department (YPD) utilized Skydio drones as part of their surveillance program targeting pro-Palestine student protesters.

According to a Wired investigation, a Skydio X10 drone equipped with multiple high-resolution cameras, thermal imaging, powerful zoom capabilities, and onboard AI was detected monitoring pro-Palestine protesters at the Democratic National Convention in Chicago, with the same drone later being spotted above the Israeli consulate during subsequent protests.

In October 2025, The Washington Post revealed that Skydio provided the U.S. Immigration and Customs Enforcement (ICE) remote-controlled drones, reportedly used to film protesters and monitor public demonstrations.

Internal MISP references

UUID 22b7c783-c6a8-4cbe-a336-64c0498e2dac which can be used as unique global reference for Skydio in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.skydio.com/']

Skypearl

Skypearl Ltd, a discreet Israeli start-up co-founded by Sergey Vichik, a former Google X engineer, and Ori Gonen, a former Israeli military officer, is a developer of stratospheric Intelligence and surveillance platforms. Their products include spy balloons for intelligence operations.

These semi-autonomous balloons, part of the classified Tzafon Aerostat programme, were deployed since 2023 over Gaza. Equipped with technologies such as gyroscopic stabilization, AI-driven altitude control, SIGINT sensors, Lidar, and multispectral imaging systems, the balloons silently monitor and surveil populations in real time.

Skypearl has minimal public presence, with its headquarters registered in Herzliya and no official website or trade show appearances.

Internal MISP references

UUID 0992c5b6-989f-433f-9e6b-2e469556d869 which can be used as unique global reference for Skypearl in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

Smart Communications

Smart Communications, a Florida-based company, provides surveillance and communication tools to over 150 prisons and jails across more than 25 U.S. states. Its MailGuard product digitizes postal mail sent to incarcerated individuals by scanning letters at remote facilities and uploading them as PDFs for inmates to view on tablets.

The company also offers a surveillance system called Smart Tracker, which monitors not only the communications of incarcerated individuals but also those of the public who correspond with them. This system collects a wide range of data, including home addresses, IP addresses, email addresses, GPS locations, device information, and any linked accounts. By requiring users to create accounts through its "Smart Jail Mail" portal, the company ties this data to specific individuals, creating a detailed profile of those who communicate with prisoners. They also provide a searchable database of all messages sent and received by prisoners, along with identifying information about senders.

Internal MISP references

UUID 9f1a5b98-af15-4969-a4dd-3a5ef3a56a02 which can be used as unique global reference for Smart Communications in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.smartcommunications.us/', 'https://www.smartcommunications.us/mailguard.cfm']

Smartware

Smartware was a Russian surveillance technology provider that developed the Random Information Collection System (KRIT), a tool used by Russia's Ministry of Internal Affairs to closely monitor online discussions, news coverage, and social media activity.

Internal MISP references

UUID a8687724-b6c3-4a32-9767-98ce43d8505c which can be used as unique global reference for Smartware in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

Snaptrends

Snaptrends was a social media monitoring and surveillance platform that developed ways to analyze geotagged social media posts and conversations in real time. The platform was marketed to law enforcement agencies, schools, and other organizations, enabling users to track keywords, hashtags, and geographic areas of interest.

Law enforcement agencies across the United States utilized Snaptrends to track targets and monitor public events. For example, the software was reportedly used to increase arrest rates during specific operations. Snaptrends was also used to monitor students' social media activity, often in collaboration with schools.

The company promoted social media analytics tools to authorities in Azerbaijan, Bahrain, Malaysia, Turkey, and other countries known to suppress online speech, according to confidential company documents and interviews with current and former employees. Beginning in 2013, Snaptrends pursued business in Saudi Arabia, entering a $500,000 agreement with a company linked to the royal family to sell its technology. The company also engaged with the Saudi Ministry of Interior and intelligence agencies. It has also done business with the United Arab Emirates.

In 2014, Brandon Burris, Snaptrends co-founder and chief technology officer at the time, flew to Hong Kong as part of a $300,000 deal with a local holding company Faith Concord. According to corporate filings in China, Faith Concord owns BaoLiDa, which markets its ability to monitor citizens’ activities on the internet to the Chinese government.

Snaptrends faced criticism for targeting activists or disproportionately affecting marginalized communities. These concerns led platforms like Twitter to sever ties with Snaptrends, cutting off access to their data in 2016. Snaptrends ceased operations later that year, laying off its staff and shutting down quietly.

Internal MISP references

UUID 3752ffab-62e5-4fd6-8888-1e4c95e02023 which can be used as unique global reference for Snaptrends in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://snaptrends.com/']

Social Sentinel

Social Sentinel, now known as Navigate360, is a technology monitoring company that tracks students' social media behavior, claiming to identify risks of self-harm or violence on campuses and alert administrators. Reports indicate that the service has been used to monitor student protests and scrutinize individuals who have lodged complaints against university administrations.

According to the Dallas Morning News, campus police used it to surveil student protests. Their investigation also uncovered that the company promoted its services to various universities as a way to manage and prevent protests. The documents suggest the company is expanding its scope, offering tools for monitoring student emails on university platforms.

Internal MISP references

UUID 3766299c-dda2-4841-842c-2edb94d10784 which can be used as unique global reference for Social Sentinel in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://navigate360.com/']

SOSi

SOS International LLC (SOSi) is a company that helps government agencies track down people. In October 2025, ICE contracted SOSi for $7 million to perform "skip tracing services", essentially locating individuals who are difficult to find. The company employs image recognition technology that can match faces and license plates to databases, which includes facial recognition capabilities.

SOSi operates internationally. The company is headquartered in Reston, Virginia, but maintains offices and customer engagements in at least 40 countries worldwide.

Internal MISP references

UUID eccdfd97-bb1a-4837-bdf9-d94c2b76c009 which can be used as unique global reference for SOSi in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.sosi.com/']

SoundThinking

SoundThinking was formerly known as ShotSpotter, Inc until it changed its corporate name in 2023. ShotSpotter, which retained its name as a product after the rebrand, relies on a network of acoustic sensors that monitor urban environments, effectively turning public spaces into zones of constant surveillance. The accuracy of ShotSpotter has been called into question, with reports indicating that the system can misidentify sounds, leading to unnecessary and dangerous police deployments as well as over-policing in various communities. ShotSpotter is linked to more than 100 law enforcement agencies in the U.S.

Another one of their products, CrimeTracer, functions as a police database and search engine, repackaging and sharing vast amounts of data across a range of law enforcement agencies. The company further consolidated its position in the surveillance industry after acquiring Geolitica, the firm behind PredPol, a predictive policing technology criticized for exacerbating racial inequalities by directing police to already heavily surveilled communities. This merger builds on SoundThinking's previous acquisition of HunchLab in 2018 to provide AI-driven analysis and “predictive policing.”

In addition to police departments, SoundThinking also has contracts with the U.S. Department of Defense in the military market and also maintains a partnership with Israeli weapons manufacturer Airobotics.

Internal MISP references

UUID 6702c2e2-cebf-4f1d-bf84-6adcd67761b1 which can be used as unique global reference for SoundThinking in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.soundthinking.com/']

Specialnie Technologie

Specialnie Technologie, also known as Special Technologies, is a St. Petersburg-based company and a SORM provider recommended by Russia's Federal Security Service (FSB). Their systems gained prominence during the 2014 Sochi Olympics, where it was extensively deployed as part of the surveillance operations coordinated by the FSB.

Internal MISP references

UUID 3c578c5b-1df0-4b0d-9c25-5507746f6aee which can be used as unique global reference for Specialnie Technologie in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

Speck Systems

Speck Systems Limited is an Indian company that develops aerial surveillance systems and defense technologies. The company provides advanced tools for mapping, remote sensing, and geographic information systems (GIS) primarily for defense and law enforcement applications.

The company has been involved in collaborations with international partners, including Israel Aerospace Industries (IAI), to develop and supply unmanned aerial vehicles (UAVs).

In 2025, it was acquired by Bondada Engineering.

Internal MISP references

UUID 588a4680-142f-45c6-9463-97ddebf230de which can be used as unique global reference for Speck Systems in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

SpeechPro

SpeechPro, a Russian company specializing in speech recognition, facial recognition and voice biometrics, has its origins linked to a secretive Soviet technologies unit that operated under the KGB. According to Wired, the company's roots can be traced back to the Sharashka Marfino, a special prison for engineers and scientists during the Stalin era. In this facility, individuals plucked from various labor camps were coerced into developing technologies, including voice identification systems used for monitoring calls to foreign embassies in Moscow. According to its website, it worked with Saudi's Ministry of Interior to install an audio forensic lab in the Kingdom. The country operates in Russia under the name Speech Technology Center (STC.) In 2019, Sberbank, the state-controlled financial powerhouse, finalized the acquisition of a 51% stake in STC. Additionally, Digital Horizon, a venture capital and business incubator firm with offices in Moscow and Tel Aviv, also secured a stake in STC.

Internal MISP references

UUID cfe09357-8543-43b2-85d3-93bfc7dca9ae which can be used as unique global reference for SpeechPro in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://speechpro.com/']

Spire Solutions

Spire Solutions is a distributor of Israeli surveillance and interception technologies in the United Arab Emirates. It's one of the primary distributors for XM Cyber, led by former Mossad chief Tamir Pardo and whose partnerships include Rafael Advanced Defense Systems, an Israeli defense technology company behind sophisticated surveillance systems. The company also distributes technology from the Israeli firms Check Point Software Technologies Ltd and CyberArk Software Inc. Spire Solutions actively markets defense and intelligence tools from Germany's Rola Security Solutions.

In addition, Spire has been working with Russian-Singaporean firm Group-IB, Britain's Digital Shadows and US company ThreatConnect.

Internal MISP references

UUID a0501d96-4453-4056-8dc2-a32731e1561b which can be used as unique global reference for Spire Solutions in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.spiresolutions.com/']

Spireon

Spireon is a provider of vehicle intelligence solutions, and has been providing location and telematics data to U.S. immigration enforcement agencies, including Immigration and Customs Enforcement (ICE) and Customs and Border Protection (CBP). These agencies have utilized data from Spireon's GPS tracking systems to monitor vehicle movements. In February 2022, Solera Holdings, a global provider of vehicle lifecycle and fleet management software, announced its acquisition of Spireon.

Internal MISP references

UUID 36a5dfe3-8885-44a6-b1b9-2bcd393f7718 which can be used as unique global reference for Spireon in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.spireon.com/']

Staqu

Staqu Technologies, an Indian AI startup, provides facial recognition technology to various government agencies in India. Its tools are used by law enforcement in multiple states, including Uttar Pradesh. The company has developed Crime GPT, an advanced AI-powered platform designed to assist law enforcement agencies. Crime GPT integrates generative AI capabilities with tools like facial recognition, voice-based search, and biometric analysis. It can process and analyze digitized records, including data from CCTV feeds, images, and audio inputs.

Trinetra 2.0, launched in collaboration with the Uttar Pradesh Police, incorporates Crime GPT to enhance policing capabilities, to provide real-time AI-assisted insights for intelligence operations. Staqu's technology is also deployed in prisons.

Additionally, Staqu has implemented other AI-driven surveillance products, such as its JARVIS platform, which is being used by the Gurugram Police for vehicle number plate recognition. This system utilizes existing CCTV cameras to automatically scan and verify number plates against official RTO data.

Internal MISP references

UUID 6a5143c7-42c4-4299-85ca-62372097a25f which can be used as unique global reference for Staqu in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.staqu.com/']

Stellar Technologies

Stellar Technologies is a developer of surveillance and artificial intelligence tools. One of its primary products is NesherAI, a facial recognition tool capable of identifying individuals even when they are wearing masks. This tool has been utilized by private groups and organizations to identify participants in protests, specifically pro-Palestine activists, students, and faculty. It has been employed to assist in reporting foreign students and activists to U.S agencies such as ICE, leading to visa revocations and deportations.

The company's other tools include CyberBird, claiming to offer "revolutionary surveillance."

Internal MISP references

UUID 263d0470-0cdc-4e9b-9624-27cc2aa91509 which can be used as unique global reference for Stellar Technologies in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://stellartecs.com/']

Stratign

Stratign offers IMSI Catcher systems designed to collect basic identities (IMSI, IMEI) of 2G, 3G, and 4G mobile phones within their coverage area. The company's IMSI Catcher systems are available in various configurations, including standalone, backpack, vehicle-mounted, and drone-mounted versions. Their features include real-time monitoring, target location tracking, and the ability to manage cellular communications effectively. The company also offers facial recognition systems.

Stratign primarily acts as a distributor, rebranding technologies from other companies and sometimes incorporating them into deals without the manufacturers' knowledge. The company is reportedly owned by Indian businessman Anant Bindal.

Internal MISP references

UUID 2cfb9b6d-e2ca-43f9-b875-d9e48eca0276 which can be used as unique global reference for Stratign in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.stratign.com/']

Sunartek Labs

Sunartek Labs, a Singapore-based surveillance technology firm founded in 2018, is a developer of intelligence products. The company, officially owned by Sumant Bindal, a former employee of Indian cyber-intelligence firm Shoghi, shares close ties with Stratign, a UAE-based defence technology provider led by Anant Bindal, the former CEO of Shoghi. Both companies offer overlapping solutions, including interception systems for phone and satellite communications, IMSI-Catchers, and advanced tools for OSINT, dark web investigations, and facial recognition.

According to the company's official website, they serve clientele across Asia, Africa, and the Middle East.

Internal MISP references

UUID dae5b549-7e32-4d7e-8d0a-7973cd43e555 which can be used as unique global reference for Sunartek Labs in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://sunartek.com/']

SuperCom

SuperCom is an Israeli company that develops electronic monitoring and digital identity technologies. Its core product, the PureSecurity Suite, provides tools for public monitoring, including GPS tracking, home detention compliance, and individualized case management.

SuperCom's surveillance tools have been highlighted for their role in militarizing campus police forces in the U.S., where they are reportedly used to monitor and suppress student protests.

Internal MISP references

UUID 3a270424-9aaa-4cad-8d7b-718bd9402f50 which can be used as unique global reference for SuperCom in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.supercom.com/']

Support King

Support King, founded by Scott Zuckerman and headquartered in Puerto Rico, built a small but notorious catalog of stalkerware apps that secretly harvested victims’ photos, messages and location data. These products include SpyFone, the Android/​iOS spy tool marketed directly by Support King until a 2021 FTC order forced it offline after a massive data breach, OneClickMonitor, and SpyTrac, a phone-monitoring app that surfaced in 2022.

SpyTrac's leaked server data tied its freelance developers and infrastructure back to Support King, suggesting the company was trying to evade the FTC ban. The 2021 FTC decision permanently barred Support King and Zuckerman from "offering, selling or promoting" any surveillance software because they repeatedly failed to secure user data. Zuckerman is now petitioning the agency to lift that ban so he can re-enter the surveillance market.

Internal MISP references

UUID 90d01f01-2a65-44f1-b7d4-44ac987b1fdd which can be used as unique global reference for Support King in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

Susteen

Susteen is a developer of mobile device forensic tools (MDFTs), which has enabled wider surveillance in U.S. schools. Originally designed for law enforcement and military applications, Susteen's tools, such as the Secure View system, allow users to bypass encryption and extract sensitive data from smartphones, including messages, photos, and app information. An investigation by Gizmodo revealed from public records that schools have quietly purchased these tools from several companies, including Susteen, with some districts spending thousands of dollars on MDFTs.

Internal MISP references

UUID c1b19c75-cf61-4226-b615-5da791358a58 which can be used as unique global reference for Susteen in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.susteen.com/']

Syborg

Syborg is a German-based provider of intelligence solutions, specifically data mining, surveillance, and lawful interception technologies. Its capabilities include Wi-Fi interception, enabling the collection, decoding, and analysis of network traffic, and telecommunications interception systems that monitor and analyze voice and data communications.

The company was acquired by the Israeli surveillance firm Verint in 2000.

Internal MISP references

UUID b29f411c-937f-4bd7-9a9c-61d8bd086ab1 which can be used as unique global reference for Syborg in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://syborg.de/']

Synergy Telematics

Synergy Telematics Pvt. Ltd, AKA Synergy, an India-based company that develops AI-powered surveillance technologies. Synergy's AI-supported surveillance systems were adopted at large-scale events like the Kumbh Mela for realtime crowd monitoring. The company collaborates closely with police agencies in India.

Internal MISP references

UUID 9ff3c6be-c0fd-449f-ac25-c55b3b06eaf0 which can be used as unique global reference for Synergy Telematics in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['http://stmpl.in/']

Synesis

Synesis, a Belarusian technology firm, has gained notoriety for its role in the development and deployment of facial recognition systems used by Russian authorities to monitor and suppress dissent. Its flagship product, the Kipod platform, has been instrumental in tracking political activists and protesters, particularly in the wake of Russia's invasion of Ukraine. The system has been integrated into Moscow's extensive surveillance network, which utilizes advanced algorithms to identify individuals in real-time, often leading to preemptive detentions of those critical of the government.

Despite sanctions by the U.S, EU and the UK, reports indicate that Synesis continues to operate with support from technology belonging to major U.S firms, like Nvidia and Intel, which power the performance and efficiency of its algorithms. Synesis has been able to access U.S. technology through various channels, including third-party distributors. These components enable Synesis to process large volumes of data quickly and accurately, facilitating real-time facial recognition and identification.

Internal MISP references

UUID 5e3f639b-e82a-4450-8134-94137688a458 which can be used as unique global reference for Synesis in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

SysTools

SysTools is a provider of digital forensic technologies. They also offer training programs tailored primarily for law enforcement agencies. Their email forensics tools like MailXaminer supports over 80 email clients. The company also develops workplace monitoring tools.

Internal MISP references

UUID e3feec89-1abe-48a2-8abf-ef2f780484ec which can be used as unique global reference for SysTools in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.systools.in/']

SyTech

SyTech (Сайтек) is a Russian private IT contractor known for working with Russian intelligence and military agencies, including the FSB (Federal Security Service). The company gained international attention in 2019 when it was hacked by a group called 0v1ru$, which exposed internal documents detailing its involvement in secretive surveillance projects. Some of the leaked projects include Nautilus-S, aimed at de-anonymizing users of the Tor network by collecting and analyzing their data, Mentor, designed for monitoring and analyzing social media platforms, and Hope, a project dedicated to isolating the Russian internet (Runet) from the global internet.

Internal MISP references

UUID 3d52f9bb-8595-4ab1-81ff-a8f9090e9c19 which can be used as unique global reference for SyTech in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

SZ DJI

SZ DJI Technology Co., Ltd. (SZ DJI) has provided drones to the Xinjiang Public Security Bureau, which are used to surveil and target Uyghurs, Kazakh, and Kyrgyz people. The company is a major supplier of camera drones and other products to 43 countries globally, including the US, UK, and Australia. It also sold drones to the Serbian government. Key investors include Accel and Sequoia Capital.

Internal MISP references

UUID 1b148db8-e2fc-4817-91ef-df645471406f which can be used as unique global reference for SZ DJI in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.dji.com/']

Tactic Labs

Tactic Labs, a subsidiary of the Avnon Group, is a developer of interception technologies, including IMSI-catchers and WiFi interceptors. A key offering is their Wi-Fi sniffer, an untraceable device that grants access to nearby Wi-Fi networks, cellular devices, and computers, allowing operators to collect private user data.

Internal MISP references

UUID 4eb99213-2dca-4f72-a06b-bbe159f4a259 which can be used as unique global reference for Tactic Labs in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

TAG International

TAG International is a security and intelligence consultancy formed in 2021 through the merger of Axiom International and Torchlight Group. The company is one of the main recipients of funding from the UK’s Conflict, Stability and Security Fund (UKSIF). TAG International has extensive involvement in surveillance activities, deploying advanced technologies and expertise to assist governments and organizations in data and intelligence gathering and analysis.

Intelligence Online revealed that TAG International is operating a major training contract with the Saudi security forces under a secretive British government program.

Internal MISP references

UUID c1dedade-a1f6-4c8e-926a-a6bd66206d0f which can be used as unique global reference for TAG International in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://tagintdev.com/']

Tamoco

Tamoco is a data tracking startup leveraging a network of 1.1 billion proximity sensors to track the locations of approximately 100 million smartphone users. By partnering with apps that struggle to monetize, such as mobile games, offline maps, and deals apps, Tamoco integrates its tracking capabilities into these platforms. When users install these apps and accept the terms, their location data becomes part of Tamoco's network. Tamoco utilizes a combination of Wi-Fi signals, Bluetooth beacons, GPS, QR codes, and metadata (like device type, battery level, and dwell time) to track users. This data is then sold to third parties.

In 2023, Tamoco underwent an asset acquisition by PassBy, a company that also develops location-based technology.

Internal MISP references

UUID 3dd52d03-50ca-4a44-92c1-0a5cef09a013 which can be used as unique global reference for Tamoco in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.tamoco.com/']

TechOps Specialty Vehicles

TechOps Specialty Vehicles (TOSV) is a company that builds custom vehicles for law enforcement, outfitting them with various surveillance technologies. It supplied U.S. Immigration and Customs Enforcement (ICE) with vehicles equipped with cell-site simulators, commonly known as fake cell towers or "stingrays." This enables law enforcement agencies to intercept cellular signals and track mobile phones by mimicking legitimate cell towers, forcing nearby devices to connect to them.

The company is headquartered in Stevensville, Maryland. The company also maintains sales locations in Denver, Colorado, and Whitefish, Montana.

Internal MISP references

UUID 89ae1cab-d1af-4ee2-9f6b-02eea43e1471 which can be used as unique global reference for TechOps Specialty Vehicles in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.techopssv.com/']

Tekever

Tekever is a provider of surveillance drones and unmanned aerial systems (UAS) for monitoring operations. The company’s drones are equipped with artificial intelligence (AI) capabilities, enabling real-time data analysis, and its drones are designed for diverse surveillance missions, including border control. Tekever’s drones have been widely used in Frontex (EU border agency) operations and by several national coast guards and defense ministries.

Internal MISP references

UUID e242aadd-bef2-4df9-9eae-872e363caea9 which can be used as unique global reference for Tekever in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.tekever.com/']

TekhArgos

TekhArgos, established in 2009, is a company that develops, produces and deploys SORM (System for Operative Investigative Activities) equipment. SORM is a surveillance system used by Russian and CIS telecommunications operators to enable state-mandated monitoring of communications. Since 2018, TekhArgos has been part of Citadel, a prominent company servicing Russia's telecommunications surveillance industry. It is now part of Garda Telekom Гарда Телеком).

Internal MISP references

UUID 5b9dd864-dbf2-49d2-b0bc-a8b48d5d94d8 which can be used as unique global reference for TekhArgos in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://t-argos.ru/']

Teledyne FLIR

Teledyne FLIR is a developer of surveillance technology, providing thermal imaging and AI-driven solutions for border security, law enforcement, and military applications. Their border surveillance systems utilize high-performance infrared cameras, radar, and analytics to detect and track individuals. The company's products include FLIR SkyRanger R70 and R80D SkyRaider drones, which track targets and provides real-time intelligence.

It operates as a subsidiary of Teledyne Technologies, which is based in Thousand Oaks, California, USA.

Internal MISP references

UUID 4b420310-2afc-4c7c-b864-75b53e31cd92 which can be used as unique global reference for Teledyne FLIR in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.flir.com/']

Telekonta

Telekonta is a Lithuanian company that develops video surveillance technology. The company recently secured a contract to develop and implement a surveillance system along the Lithuania-Belarus border, targeting migrants.

In collaboration with the Israeli company Elbit, Telekonta has also carried out the installation of VSAT surveillance equipment for the Baltic Sea border.

Internal MISP references

UUID 55306d2c-fc84-4075-ad5e-0758d6ae2a25 which can be used as unique global reference for Telekonta in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.telekonta.lt/en', 'https://www.telekonta.lt/']

TeleStrategies

TeleStrategies provides consulting on a wide range of monitoring technologies, including Internet, phone, and location monitoring, as well as analysis, biometrics, communications monitoring, and monitoring centers. Their headquarters is located in McLean, Virginia, with additional offices across the United States. It holds various training events around the world, including in Europe, Asia, Latin America and the Middle East, targeting law enforcement, intelligence agencies, and defense officials. Hacking Team, which sold spyware to Ethiopia, Bahrain, Egypt, Kazakhstan, Morocco, Russia, Saudi Arabia, Sudan, Azerbaijan and Turkey, while dismissing human rights and privacy concerns, participated in some of these trainings.

Internal MISP references

UUID ffe44f40-3c8c-45ea-9bd7-3d00a492da4c which can be used as unique global reference for TeleStrategies in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.telestrategies.com/']

Telinsol

Telinsol is a UK-based satellite communications consultancy which appears to have conducted international business transactions with vendors on behalf of Ariantel, an Iranian cellular carrier that was used in an Iranian government program to monitor and manipulate people's phones for surveillance purposes.

Internal MISP references

UUID 73024abf-859b-42df-964e-118c268fe325 which can be used as unique global reference for Telinsol in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

Telmate

Telmate provides digital surveillance tools used in U.S. immigration detention centers, including the Northwest Detention Center (NWDC) in Tacoma, Washington. Telmate's phone, video chat, email, and tablet services at the NWDC are provided via a contract with Talton Communications, a company that holds a contract with ICE for detainee communications services. Telmate collects extensive data and information about the people who use its phone and video systems and sells that data to various law enforcement agencies.

The company was acquired by GTL in 2017 and now operates under the name ViaPath.

Internal MISP references

UUID 977dcc21-c5e9-4549-b2c7-8d0d188d801c which can be used as unique global reference for Telmate in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
official-refs ['https://www.viapath.com/']

Tengri Lab

Tengri Lab, a Kazakhstan-based tech company, is a developer of surveillance and smart city technologies. As the driving force behind the Smart Aqkol project, Tengri Lab has transformed the small town of Aqkol into Kazakhstan's first smart city. The project integrates AI-powered surveillance cameras, thermal imaging, and data analytics to monitor the public, including for details like school attendance. These systems are managed through a centralized command center, which collects and analyzes data from sensors, cameras, and GPS trackers across the city.

Internal MISP references

UUID 155db815-2465-4d0a-a670-3d91c452710e which can be used as unique global reference for Tengri Lab in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.tengrilab.kz/']

Teramind

Teramind is a developer of employee monitoring software, often referred to as "bossware." Its platform offers a comprehensive suite of surveillance tools designed to track and analyze employee behavior, both in-office and remotely. Key features include live screen viewing, keystroke logging, email and social media monitoring, file transfer tracking, and sentiment analysis of communications. The software also provides productivity reports and alerts for predefined behaviors, and can monitor video and audio conversations, track GPS locations, and store extensive amounts of sensitive employee data.

Internal MISP references

UUID 8979b93c-9ce0-4aeb-81cb-a95dbdeaaf01 which can be used as unique global reference for Teramind in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.teramind.co/']

Terrogence

Terrogence, now known as SenseCy, is an Israeli surveillance company founded by former intelligence officers. It built a massive facial recognition database called Face-Int. This database is populated with facial images of thousands of individuals, collected from platforms like Facebook, YouTube, and other online sources. The company's founders, including Shai Arbel, leveraged their expertise to create tools that gather intelligence through "virtual entities" - fake online profiles designed to infiltrate social media platforms and collect data and intelligence from users.

Terrogence provides intelligence services to entities such as the U.S. government, including the NSA and Navy.

The company was acquired by the Israeli surveillance giant Verint in 2017, and is now part of a suite offered by Cognyte, which was spun off of Verint in 2021.

Internal MISP references

UUID 6b0195e5-ef5d-4368-8364-8bb085901355 which can be used as unique global reference for Terrogence in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://terrogence.com/']

Tevian

Tevian is a company that specializes in advanced computer vision technologies, particularly focusing on facial recognition and video analytics. Tevian was imposed European sanctions in July 2023 due to involvement in “serious human rights violations in Russia,” including “arbitrary arrests and detentions.”

Internal MISP references

UUID d9293409-ecd6-4f2f-b393-a1e17e07f326 which can be used as unique global reference for Tevian in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://tevian.ai/']

The Gospel

The Gospel is an AI target-creation platform which provides assasination targets in Palestine. The system has significantly accelerated the process of identifying and recommending targets, allowing Israel to strike many more locations. There are also concerns about the accuracy of the system and its heavy impact on civilians. The Gospel is powered by intel such as intercepted communications, surveillance data and information drawn from monitoring the movements and behaviour patterns of individuals and large groups in Palestine.

Internal MISP references

UUID 40d8e6c8-c0ba-4752-9502-0e6c16ac260b which can be used as unique global reference for The Gospel in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

ThetaByte

ThetaByte, registered in Lithuania and founded and headed by Israeli businessman Shay Tal, created the WebMine2Go platform, a tool designed to gather data from social networks as well as the clear web, deep web, and dark web, analyzing it to uncover connections. The company offers more advanced services, including tactical communication interception, to monitor the activities of online targets.

Internal MISP references

UUID 7ccad45b-6f87-4ece-98e5-932e42a82225 which can be used as unique global reference for ThetaByte in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://thetabyte.net/', 'https://www.thetabyte.eu/index.html']

Tiandy Technologies

Tiandy Technologies is a video surveillance equipment manufacturer whose products have reportedly been used in the vast network of cameras monitoring Uyghurs in East Turkistan (renamed Xinjiang by China). Tiandy Technologies has sold its surveillance cameras to Iran’s Revolutionary Guards and other security services, according to a Tiandy website and social media posts. Intel Corp., one of America’s major semiconductor firms, lists the Chinese company as a partner, providing Intel-made processors for some of Tiandy’s video recording equipment. Intel Corp., one of America’s major semiconductor firms, lists the Chinese company as a partner, providing Intel-made processors for some of Tiandy’s video recording equipment.

Internal MISP references

UUID 7db51e00-20ba-4d8b-b80f-2a2ddd0fa103 which can be used as unique global reference for Tiandy Technologies in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://en.tiandy.com/', 'https://www.tiandy.com/']

TigerSwan

TigerSwan is a global firm founded in 2008 by James Reese, a retired U.S. Army lieutenant colonel and former Delta Force commander. The company led the surveillance operations and infiltration of the Dakota Access Pipeline (DAPL) protests at Standing Rock. Hired by Energy Transfer, the company behind the pipeline, TigerSwan used a range of methods to monitor and disrupt the Indigenous-led resistance movement. These tactics included the use of undercover operatives, aerial surveillance, social media monitoring, and the creation of detailed dossiers on activists. The firm also collaborated with law enforcement, sharing intelligence and supporting legal actions against protestors.

Following its involvement at Standing Rock, TigerSwan sought to profit from its surveillance tactics by marketing its "counterinsurgency" playbook to other energy companies. The firm created detailed marketing materials and presentations, pitching its strategies to corporations like ConocoPhillips and Dominion Energy, which were involved in other contentious oil and gas projects.

Internal MISP references

UUID 35255b75-1152-418d-98cd-95d1b61ebac2 which can be used as unique global reference for TigerSwan in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://tigerswan.com/']

TKH Group N.V.

A Dutch technology company whose surveillance cameras are used to surveil Palestinians in the occupied West Bank and by prison and police agencies worldwide.

Internal MISP references

UUID 264bdb0f-a287-4355-8d69-44d165a573d5 which can be used as unique global reference for TKH Group N.V. in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.tkhgroup.com/']

Toloka

Toloka, an Amsterdam-based Yandex subsidiary, is helping develop the facial recognition software Russia uses to massively track and arrest protesters, according to research by Follow the Money, The Bureau of Investigative Journalism, and Paper Trail Media. The two Russian companies Toloka works with are both on the EU sanctions list.

Internal MISP references

UUID 08cc51bb-f819-47b5-9828-b8beb22f964b which can be used as unique global reference for Toloka in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.toloka.ai/']

Toru Group

Toru Group, run by Israeli national Assaf Elias, serves as an intermediary in facilitating the global sale of advanced surveillance and spyware technologies. The company has reportedly acted as a middleman for deals involving firms linked to Tal Dilian's surveillance empire, including Passitora and Intellexa.

In June 2021, Toru Group won a bid to supply Bangladesh with a “Vehicle Mounted Mobile Interceptor” spy vehicle. The spy van, delivered in mid-2022, is reportedly in use by Bangladeshi authorities, with its surveillance tools allegedly leading to the dismissal of police officers accused of criticizing the government in private WhatsApp groups.

Internal MISP references

UUID f9d42efb-1e4c-436f-9326-0a2e19f4b94c which can be used as unique global reference for Toru Group in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

TraceSpan

TraceSpan Communications is a developer of monitoring and interception technologies for broadband access networks. Its GPON Phantom series provide passive monitoring solutions. These systems are designed for use by law enforcement agencies to capture and analyze data from networks like VDSL, GPON, and DOCSIS.

Internal MISP references

UUID d2b08f06-911e-4d79-a963-e759eaa1dd24 which can be used as unique global reference for TraceSpan in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.tracespan.com/TS/', 'https://www.tracespan.com/']

TrackTech

TRACKtech LLC is an electronic monitoring and surveillance technology company founded by CEO Michael Hirschman, whose background in law enforcement and supervision services in Colorado inspired him to develop comprehensive tracking technologies. Their suite of surveillance products includes TRACKcase, which provides real-time visibility of all monitored devices with remote configuration, TRACKphone, an Android smartphone issued to targets to serve as a continuous location tracking device, and TRACKtether, a tamper-resistant RF bracelet.

Internal MISP references

UUID 2ec49a8d-846b-4250-8951-3d15f43991ed which can be used as unique global reference for TrackTech in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://tracktechllc.com/']

Travizory

Travizory is a Swiss company that develops advanced border and surveillance technology. Its primary product, the API-PNR Targeting System, utilizes real-time traveler data, including Advance Passenger Information (API) and Passenger Name Records (PNR), to assess "risks" and identify individuals of interest before they cross borders. The system integrates AI-powered profiling and automated alerts for use by border officials, connecting governments with transport operators, and uses its AI for decision-making on which passengers to prevent from entering a country.

According to a report by Wired, Travizory uses its algorithms to analyze up to 150 variables, including travel patterns, connections to known persons of interest, and anomalies in behavior. For example, the system can flag travelers whose behavior deviates from typical patterns, such as short visits with excessive luggage or unusual spending habits. These assessments are used to generate risk classifications, which are shared with government agencies, including customs, immigration, and intelligence services. Currently operational in Kenya and the Seychelles, Travizory is also in discussions to expand its system to 20 other African countries.

Internal MISP references

UUID 303df2b4-0e0e-4bf7-8e83-f2e802901210 which can be used as unique global reference for Travizory in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.travizory.com/']

Trenchant

Trenchant, also known as L3 Trenchant, is a surveillance provider owned by defense contractor L3Harris Technologies that develops government hacking tools and zero-day exploits for Western governments. The entity was formed from the merger of two sister startups, Azimuth and Linchpin Labs, both of which were acquired by L3Harris. Trenchant operates with strictly compartmentalized teams that develop platform-specific tools, including iOS zero-days and spyware.

Internal MISP references

UUID bbff07d5-f743-4e4d-b016-e6ddfb0c71de which can be used as unique global reference for Trenchant in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.l3harris.com/all-capabilities/trenchant']

TRL Technology

TRL Technology Limited was a UK-based company that sells surveillance technology, including a product called Marlin, which can intercept calls made on satellite phone networks. The company was acquired by L-3 Communications, which later changed its name to L3 Technologies and eventually merged with Harris Corporation to form L3Harris Technologies.

Internal MISP references

UUID bcde6760-0a30-4633-b57d-9b50b98330a4 which can be used as unique global reference for TRL Technology in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

TruePosition

TruePosition markets its "location intelligence" (LOCINT) technology to intelligence and law enforcement agencies worldwide. Over the past four years, the company has expanded its tracking technology globally. In the U.S., TruePosition sells its products to mobile carriers, although it remains vague about any usage by the U.S. government. Internationally, it supplies governments, without disclosing specific clients. Since the introduction of LOCINT in 2008, there has been significant interest from defense and interior ministries globally. In 2016, TruePosition released its TrueFix Location System. The system offers M2M/IoT capabilities, improving its location tracking services.

Internal MISP references

UUID 8359f1d9-ac1a-401f-81ff-8925fdac43f8 which can be used as unique global reference for TruePosition in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

Tykelab

Tykelab, a little-known company based in Rome, has been utilizing dozens of phone networks, often located on remote Pacific islands, to send tens of thousands of secret “tracking packets” worldwide. These packets target individuals in countries such as Libya, Nicaragua, Malaysia, Costa Rica, Iraq, Mali, Greece, and Portugal, as well as within Italy itself. Tykelab exploits longstanding but often unaddressed vulnerabilities in global phone networks, allowing third parties to track phone users’ locations and potentially intercept their calls without leaving any trace on the devices. Tykelab’s parent company, RCS Lab, has also developed a powerful phone hacking tool called Hermit. Once installed on a victim’s device, Hermit can remotely activate the phone’s microphone, record calls, access messages, call logs, contacts, photos, and other sensitive data.

Internal MISP references

UUID d7aed267-9d02-4b24-99e9-6faa30ffb80c which can be used as unique global reference for Tykelab in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['http://www.tykelab.it/']

UAV Tactical Systems Ltd

A joint venture company, UAV Tactical Systems Ltd (U-TacS), based in Leicester, has been set up by Thales UK and Elbit to produce the Watchkeeper system in the UK. The Watchkeeper UAV provides intelligence, surveillance, target acquisition and reconnaissance (ISTAR) capability to the UK armed forces. Reports show that it has been field-tested on Palestinians in collaboration with the Israeli government.

Internal MISP references

UUID 3e23eea5-aa55-45fd-95e9-8bfd71b7abe5 which can be used as unique global reference for UAV Tactical Systems Ltd in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://u-tacs.co.uk/']

Unisys

Unisys is a multinational IT and consulting company that works closely with the U.S Customs and Border Protection (CBP) and Immigration and Customs Enforcement (ICE). In 2016, CBP gave Unisys a $229.7 million contract to implement biometric checks at U.S. entry and exit points. Unisys has also helped deploy license plate readers and RFID technology to monitor vehicles and verify travelers' identities.

Internal MISP references

UUID 6db29458-b7c4-4318-b114-de5333113b33 which can be used as unique global reference for Unisys in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.unisys.com/']

Uniview Technologies

Uniview, also known as Zhejiang Uniview Technologies, or by its abbreviation UNV, develops and deploys video surveillance systems, including "infrared antiriot" cameras and software that enable real-time image sharing by police agencies across jurisdictions. Uniview's systems are used to suppress political and religious dissent, particularly in regions like Tibet. In 2017, Uniview was revealed to be a reseller and alliance partner of Quantum Corporation, a U.S data storage and management company.

According to the Asian Venture Capital Journal, Uniview was a corporate carve-out of Hewlett-Packard's China-based surveillance business. It was purchased by Bain Capital, and then sold to China Transinfo Technology Co. Ltd.

Internal MISP references

UUID b3963c5a-b59e-4d7e-ae69-7bc82b019e7b which can be used as unique global reference for Uniview Technologies in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.uniview.com/']

UPSEC

Sichuan Dianke Network Security Tech. Co., Ltd. (also known as UPSEC and its subsidiary Chengdu Anmo Tech) has been identified as the primary developer and distributor of various spyware tools. The company is also the supplier of the DarkNimbus malware, and has assisted in distributing mobile spyware like BadBazaar and MOONSHINE. These tools have been used for the surveillance of Taiwanese activists, Tibetans, Uyghurs, and Falun Gong supporters. Sichuan Dianke is also involved in the supply chain for the APT group known as TheWizards.

Internal MISP references

UUID a33f153e-7ae5-4c9f-827b-2713df3f4a92 which can be used as unique global reference for UPSEC in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

Utility

Utility is the developer behind the AI-powered PULSAR system, which captures vehicle license plates, GPS coordinates, timestamps, and movement direction. It provides law enforcement agencies across the United States detailed vehicle activity records.

Utility also runs POLARIS, a cloud-based digital evidence management system that serves as the central hub for law enforcement agencies to collect, analyze, and manage digital data.

Internal MISP references

UUID af12a140-2327-4490-bd7b-dea0e38de92a which can be used as unique global reference for Utility in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.utility.com/']

UTX Technologies

UTX provides mobile device tracking software. It's based in Cyprus and is also registered in Lithuania. It was acquired by surveillance giant Verint in 2014. It is now considered a Cognyte subsidiary.

Internal MISP references

UUID de7da4bf-c2e2-4cf0-ac31-5025d4518a47 which can be used as unique global reference for UTX Technologies in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

Variston Information Technology

Variston Information Technology, founded in Barcelona in 2018, develops and distributes spyware and related infrastructure. The company acquired TrueL IT, known for its expertise and exploitation of zero-day vulnerabilities, and works with Protect Electronic Systems to market its products. Variston has also strong ties with Edge Group's cyber subsidiary, a UAE-owned defense company.

Internal MISP references

UUID d025fd23-9ffb-4132-8eff-6d00a2ea89bc which can be used as unique global reference for Variston Information Technology in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

VAS Experts

VAS Experts is a provider of SORM (System for Operative Investigative Activities) hardware and software systems, specifically for SORM-2 and SORM-3, as well as Deep Packet Inspection (DPI) technology. The company's proprietary SKAT DPI (СКАТ DPI) technology is designed to support SORM operations, including monitoring and filtering of network traffic.

VAS Experts serves clients in multiple countries, including Azerbaijan, Kazakhstan, Lithuania, Nicaragua, and Uzbekistan.

Internal MISP references

UUID 15995a98-bf6b-4a32-a0ef-1ee0474b73f0 which can be used as unique global reference for VAS Experts in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://vasexperts.com/']

VASTech

In a 2016 pamphlet produced by VASTech SA Pty Ltd., the company outlines its current capabilities for governments, militaries, and law enforcement agencies around the world, claiming it can conduct “passive detection” of communications transmitted from satellites, fix-and-mobile phones, and fiber optic cable. One of its systems is called Zebra. VASTech says Zebra offers "access to high volumes of information generated via telecommunication services for the purposes of analysis and investigation". It has been designed to "intercept all content and metadata of voice, SMS, email and fax communications on the connected network, creating a rich repository of information".

Internal MISP references

UUID e4098998-0a33-46f6-b7d4-9056ab742ba8 which can be used as unique global reference for VASTech in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

VCA Technology

VCA Technology is a UK-based company that develops AI-powered video content analytics (VCA). Their video surveillance products include facial and license plate recognition, behavior detection, advanced detection algorithms, and frame-by-frame searches to locate specific individuals or vehicles.

The company has offices in Seoul, Bangkok, and Turkey, with manufacturing services being performed in Vietnam.

Internal MISP references

UUID 64c61c90-8aac-43e9-a01f-7794e0a8f4eb which can be used as unique global reference for VCA Technology in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://vcatechnology.com/']

Vehant Technologies

Vehant Technologies is a provider of AI-driven surveillance technologies, offering advanced systems for monitoring to law enforcement agencies. It was founded in 2005 at IIT Delhi. Its capabilities include video analytics, intelligent monitoring, and AI-powered tools for smart cities. Vehant works closely with police forces across India.

Internal MISP references

UUID 1517ab57-68c4-4c08-87d6-2131e7080070 which can be used as unique global reference for Vehant Technologies in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.vehant.com/']

Vehere

Vehere is a surveillance technology company founded in 2006. With headquarters in both India and the United States, Vehere provides advanced interception and monitoring services designed to assist telecom companies in intercepting calls and data.

On its official website, Vehere advertises its capability to collect and analyze mass data "from diverse communication network sources, including telephone calls, mobile data, and Internet-based services such as email, voiceover-IP, instant messaging, and others."

Internal MISP references

UUID 536f895e-cd2e-4458-b615-bf4351d79a56 which can be used as unique global reference for Vehere in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://vehere.com/']

Venntel

Venntel is a data analytics company. It provides U.S government agencies, such as the FBI, Drug Enforcement Administration (DEA), Internal Revenue Service (IRS), and Customs and Border Protection (CBP), with tools to access and analyze location data derived from mobile apps. These tools are marketed as a way to aid investigations by uncovering patterns and tracking movements. This data is often acquired from commercial sources, such as data brokers, bypassing the need for a warrant.

Internal MISP references

UUID a5a106f3-fad6-4022-bbb2-daf00e157d7f which can be used as unique global reference for Venntel in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://venntel.com/']

Veraset

Veraset is a provider of location and mobility data, offering datasets derived from GPS signals. According to the Washington Post, Veraset shared billions of phone location records with the D.C. government as part of a COVID-19 tracking effort. This data, which was provided without people's consent, was used to monitor movement patterns during the pandemic. However, officials will not disclose the specific reasons for acquiring the data or how it was used.

Veraset was originally founded as a subsidiary of SafeGraph, but the two companies now operate independently.

Internal MISP references

UUID 4ae7ce38-11cc-4d4a-bc63-3510f96f81b4 which can be used as unique global reference for Veraset in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.veraset.com/']

Veriato

Veriato is a developer of AI-powered User Activity Monitoring (UAM) products. A key capability of their surveillance technology is its ability to capture communications activity across multiple platforms, extending beyond traditional email clients to monitor popular external messaging and chat applications. It also tracks comprehensive file activities including creation, editing, deletion, and renaming across local storage, removable media, and cloud storage platforms. The collected data is processed through AI-powered predictive analytics that analyze user behavior patterns.

A key feature of Veriato's technology is its daily "risk score" system, which assigns each worker a score indicating the likelihood they pose a security threat to their employer. The risk score incorporates multiple components, including sophisticated AI analysis that examines the text content of workers' emails and chats to determine employee sentiment and detect changes that may indicate disgruntlement.

The company claims to serve thousands of customers across almost 70 countries around the globe.

Internal MISP references

UUID 95cbee8d-8d18-4fc9-8ae3-52a458ba6ecc which can be used as unique global reference for Veriato in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://veriato.com/']

Verint

U.S.-Israeli company Verint provides sophisticated eavesdropping equipment, including "monitoring centers" that allow for the interception, monitoring, and analysis of both targeted and mass communications across various networks. These systems are integrated into a country's communication infrastructure and are capable of intercepting phone calls and emails from millions of citizens, storing the data for analysis. Verint's technology is employed in over 75 countries and can be used for nationwide mass interception, voice identification, and data mining to build detailed profiles of individuals.

Verint sold their technology to repressive regimes worldwide, including in Azerbaijan, Indonesia, South Sudan, Uzbekistan and Kazakhstan. The technology sold to Azerbaijan was reportedly used to identify the sexual orientations of individuals through social media, leading to the targeting and arrest of LGBTQ+ individuals. In Bahrain, Verint products have been used to gather data from social networks, contributing to the repression of dissidents for their online activities. Additionally, in Indonesia, Verint's technology has been employed to compile databases of LGBTQ+ rights activists and monitor religious minorities.

Verint has also been linked to surveillance operations in South Sudan, where it provided communications interception equipment and support services to the government. This arrangement required the telecommunications company Vivacell to pay Verint over $762,000 to facilitate the interception of citizens' communications, as reported by Amnesty International.

Internal MISP references

UUID cf28d143-90f3-4afd-aaa4-61a543bdbc3f which can be used as unique global reference for Verint in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.verint.com/']

Verita Innovation

Verita Innovation is a developer of surveillance technology, including advanced IMSI Catchers. The company claims these systems utilize software-defined radio (SDR) technology to seamlessly operate across multiple cellular networks, such as GSM, UMTS, LTE, and Wi-Fi, covering a wide range of frequency bands. It's also designed with a modular structure, allowing it to adapt to various applications, from portable shoulder-bag setups to vehicle-mounted systems and geographically distributed fixed solutions.

Their products also include a Location System, a protocol-based solution that enables intelligence and law enforcement agencies to covertly locate, track, and manipulate subscribers in real time. This system features an interface with map support for location monitoring worldwide.

Internal MISP references

UUID c1d2b09a-72d9-46af-b914-b94c395c2569 which can be used as unique global reference for Verita Innovation in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://veritainnovation.com/']

Veritone

Veritone is an enterprise AI company that provides surveillance and investigative tools to law enforcement and government agencies. Its primary product, Veritone Track, is a video forensics platform that enables users to identify and track individuals and vehicles across large amounts of video footage, including body cameras, CCTV, drones, and social media feeds.

A significant upgrade to Veritone Track was announced in October 2024, expanding its capabilities to include AI-assisted vehicle tracking at scale. This update allows investigators to trace vehicles of interest across multiple video sources. The platform's AI engine supposedly analyzes video footage to identify vehicles by their visual features. Its customers include the U.S Department of Homeland Security.

Microsoft Azure provides Veritone with cloud computing resources to support its AI-powered surveillance platforms.

Internal MISP references

UUID c97ec5c1-4fbd-461e-90db-31f6144bd5f2 which can be used as unique global reference for Veritone in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.veritone.com/']

Verkada

Verkada is a provider of cloud-based enterprise video surveillance systems, primarily used by police agencies. It offers features like People Analytics, enabling users to filter individuals detected on camera by clothing, appearance, and facial matches. Their cameras include fisheye models with night vision for low-light areas, bullet cameras designed as visible deterrents, and dome cameras for high-traffic locations.

In 2021, Verkada was breached, giving hackers access to over 150,000 surveillance cameras inside hospitals, organizations, police departments, prisons and schools.

Internal MISP references

UUID 50ca7858-77aa-4c46-b3bc-fa0d3de3bfe4 which can be used as unique global reference for Verkada in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.verkada.com/']

Vetted Security Solutions

Vetted Security Solutions is a distributor of surveillance technologies, serving law enforcement, municipalities, and security teams since 2012. The company provides products such as mobile solar surveillance systems, PTZ cameras, and license plate recognition (ALPR) solutions. In 2023, Vetted Security Solutions was awarded two contracts by the U.S. Immigration and Customs Enforcement (ICE) under the Homeland Security Investigations Directorate. These contracts, valued at $250,000 and $89,500 respectively, included license plate recognition technologies.

Internal MISP references

UUID 0647c83d-670c-4934-bf38-f13d2f19d545 which can be used as unique global reference for Vetted Security Solutions in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://vettedsecuritysolutions.com/']

Videotec

Videotec was an Italian company that specializes in the design and manufacture of professional video surveillance equipment. During a June 2018 Who Profits field tour in the old city of Jerusalem, Videotec cameras were documented as part of the surveillance system in the occupied area. The company’s official distributer in Israel is Mal-Tech Technological Solutions, a private Israeli company owned by Moshe Amzel. Mal-Tech provides solutions to the Israeli government such as cameras and network devices. It provides equipment to security bodies such as the Israeli army, the Israeli Police and the Israeli Ministry of Defense. In 2022, it was acquired by Motorola Solutions.

Internal MISP references

UUID df11b600-3400-4a6f-b0c3-f729b4aa6886 which can be used as unique global reference for Videotec in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

Vigilant Solutions

Vigilant Solutions is a Motorola subsidiary and longtime partner in U.S. Immigration and Customs Enforcement (ICE)'s vehicle tracking operations. Under a $6.1 million contract, ICE has gained access to Vigilant's extensive database of automated license plate reader (ALPR) data, which includes over 5 billion location records collected from private entities such as parking lots and insurance companies, as well as an additional 1.5 billion records from more than 80 local law enforcement agencies across at least a dozen states. Internal communications revealed by the ACLU indicate that ICE agents have obtained license plate data through informal requests to local police, circumventing official protocols. ACLU's reports also revealed that at least 9,000 ICE agents had access to the database of Vigilant Solutions.

Internal MISP references

UUID a509dcda-127c-4d5d-b113-8264d6b2e665 which can be used as unique global reference for Vigilant Solutions in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

Vigilant Technology

Vigilant Technology is an Israeli company that provides high-end CCTV and IP-based digital video and audio surveillance. Their technology is used by various governments, police departments and also deployed in prisons.

Internal MISP references

UUID 5568cfe8-f272-44ad-ac6a-4d386c6578ba which can be used as unique global reference for Vigilant Technology in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://vigilant-inc.com/']

Viisights

Viisights develops behavioral video analytics powered by artificial intelligence. One of their products, Wise, is designed to analyze real-time video feeds to detect and interpret human behaviors. Viisights has been reportedly used in monitoring refugees in Greece as part of the EU-funded Centaur surveillance system. This system, which includes tools from other Israeli companies, has been criticized for creating "prison-like" conditions for refugees. The refugee camps, such as the one on the island of Samos, have been described as "testing grounds" for surveillance technologies later deployed elsewhere in Europe.

Viisights' behavioral video analytics are also used by Israel's Ministry of Public Security and in smart city initiatives, such as in the city of Eilat, to detect and analyze events in real-time.

The company's Wise platform has been integrated with Cognyte's Symphia solutions, to improve the capabilities of both systems for behavioral video recognition. Cognyte is a prominent Israeli vendor of surveillance products.

Internal MISP references

UUID 9ea7a669-31f1-4685-bb23-2f6980c03b7c which can be used as unique global reference for Viisights in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.viisights.com/']

Vintra

Vintra is a company that develops AI-powered video analytics technologies that turn raw video footage into intelligence, primarily for use by law enforcement agencies. Their platform, FulcrumAI, is designed to analyze video from a variety of sources, including fixed surveillance cameras, body-worn cameras, dashcams, and drones. The technology supports real-time monitoring and post-event investigations, offering features like facial recognition, object detection, and behavioral analysis. Its clients include the Sacramento City Police Department and the NYC Department of Investigations.

Internal MISP references

UUID 8cffb83f-854b-4df3-99ba-164be7e80c0b which can be used as unique global reference for Vintra in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.vintra.io']

VisionLabs

VisionLabs is a Russian-founded computer vision developer headquartered in Amsterdam, Netherlands. The company is best known for its facial recognition technology, which is used in over 60 countries for digital identity purposes. In 2021, it was acquired by MTS, Russia’s largest telecoms operator.

Internal MISP references

UUID 0f4fbf53-b511-455d-8395-e92b2cf2ca1e which can be used as unique global reference for VisionLabs in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://visionlabs.ai/']

Vixtel

Headquartered in Hong Kong with additional offices in China and Taiwan, Vixtel specializes in developing network monitoring software tailored for mobile and fixed-line network operators, large enterprises, and national security departments, with a particular emphasis on mobile network operators. It's now known as International Business Digital Technology Limited.

Internal MISP references

UUID d1bcad0c-5e9e-47ed-bc6a-36311771aa1e which can be used as unique global reference for Vixtel in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.vixtel.com/']

Void Balaur

Void Balaur is a notorious hacker-for-hire group, active since at least 2015, specializing in cyberespionage and data theft. Built for targeting individuals, businesses, and organizations globally, Void Balaur has been linked to phishing campaigns, credential theft, and selling stolen data, including private emails and sensitive information. Their targets often include political figures and journalists. In 2022, Google's Threat Analysis Group (TAG) took action against Void Balaur by blocking dozens of malicious domains associated with the group. These domains were used in credential theft campaigns targeting high-risk individuals and organizations.

Internal MISP references

UUID b6158c82-8aff-4fdd-b412-acfdfbc689d3 which can be used as unique global reference for Void Balaur in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

Voyager Labs

Voyager Labs is a developer of AI-driven investigation tools designed for law enforcement, national security, and corporate security. Its platforms, such as VoyagerAnalytics and VoyagerInsights, are capable of analyzing large amounts of unstructured data from open, deep, and dark web sources, as well as internal databases. These tools help uncover social connections, analyze human behavior, and identify targets. Between 2018 and 2019, dozens of journalists were targets of Colombian military intelligence using VoyagerAnalytics.

The company was exposed for creating fake accounts to scrape data from platforms like Facebook and Instagram. This resulted in Meta filing a lawsuit against Voyager Labs for improper data collection from millions of its users.

The New York Police Department (NYPD) and the Los Angeles Police Department (LAPD) have reportedly used Voyager Labs' tools to scrape data from social media platforms as part of their surveillance efforts.

While it has relocated its headquarters to the United States, its origins and R&D center remain in Israel. It has additional offices and a registered entity in the UK.

Internal MISP references

UUID aba1df2f-1f16-420d-9752-2357c24fed18 which can be used as unique global reference for Voyager Labs in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.voyager-labs.com/']

Vumacam

Vumacam operates one of South Africa’s largest urban CCTV networks, linking thousands of high-definition cameras to a cloud platform called Proof. The system uses IntelexVision’s iSentry AI engine to watch every feed in real time and automatically flag incidents. Vumacam also uses License Plate Recognition (LPR) technology to identify and track vehicles.

Provincial and municipal authorities, including the Gauteng Provincial Government, tap into Vumacam’s live feeds and analytics for policing purposes.

Vumacam is owned by Vumatel, one of South Africa’s biggest fibre internet providers.

Internal MISP references

UUID 341b4d85-58b2-439e-a7e0-ebb5af174e1a which can be used as unique global reference for Vumacam in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://vumacam.co.za/']

Vupen Security

Vupen Security was a French information security company founded in 2004 and based in Montpellier with a U.S. branch based in Annapolis, Maryland. Its specialty was in discovering zero-day vulnerabilities in software from major vendors in order to sell them to law enforcement and intelligence agencies which use them to achieve cyber operations. One of the company's co-founders, Chaouki Bekrar, is also the founder of Zerodium, a cybersecurity company known for its controversial business model of purchasing zero-day vulnerabilities and exploits from security researchers and then selling them to government agencies and private entities, including law enforcement and intelligence agencies.

Internal MISP references

UUID 0dfb8ea4-e24d-4b82-be6a-c322083046f1 which can be used as unique global reference for Vupen Security in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['http://www.vupen.com/']

Watrix Technology

Watrix Technology is a Chinese AI company that develops advanced computer vision and large scale video data analysis products. Founded in 2016, Watrix has developed a proprietary gait recognition system capable of identifying individuals based on their walking patterns from distances up to 50 meters, including when their face is obscured or turned away. Chinese police forces in cities like Beijing and Shanghai have utilized Watrix's gait recognition system to monitor public spaces and identify individuals without relying on facial recognition.

In 2022, it was reported that Watrix and another Chinese surveillance firm, GEOAI, used Nvidia chips to train AI patrol drones and systems designed to identify people by their walk.

Internal MISP references

UUID 95bb40db-72a3-4549-a9cf-25489dcd5285 which can be used as unique global reference for Watrix Technology in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['http://www.watrix.ai/']

Wayout

Wayout Group is a discreet Israeli company founded in 2018 by Gil Dolev, whose sister Shiri Dolev was NSO's head of operations. The company operated as a subsidiary of the NSO Group after an acquisition in the range of $20 million, and was later sold to Goatilev, a company controlled by NorthPole, the financial vehicle of Novalpina Capital, which also oversees Q Cyber Technologies (of which NSO Group is a registered subsidiary.)

The company develops tools that compromise routers and intercepts Internet of Things (IoT) data, providing law enforcement and intelligence agencies with the ability to covertly gather information from connected devices. Its team is composed largely of former officers from Israel's Unit 8100 and Unit 8200.

Internal MISP references

UUID 13783349-4b95-4fde-8fd7-9e275764db06 which can be used as unique global reference for Wayout in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

Weibo

Weibo, also known as Sina Weibo, analyzes user behavior and interactions to identify patterns that might indicate dissent or non-compliance with government policies.

Internal MISP references

UUID 3bc1bf30-2273-46e8-a25e-d5e0768fa6e7 which can be used as unique global reference for Weibo in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

Whooster

Whooster Inc. is a Texas-based company that provides monitoring solutions to law enforcement, government agencies, and private sector clients. Its services are designed to deliver real-time intelligence by integrating public, private, and open source data. In 2023, Whooster partnered with Cobwebs Technologies, an Israeli surveillance company, by integrating Cobwebs' AI-driven intelligence platform. The company has secured multiple contracts with U.S. law enforcement and federal agencies to provide widespread monitoring and surveillance services, including with the U.S. Immigration and Customs Enforcement (ICE) and the Department of Homeland Security (DHS).

Internal MISP references

UUID 376d5044-7f16-489b-be75-7f63de75a955 which can be used as unique global reference for Whooster in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://whooster.com/']

Windward

Windward is an Israeli company that provides maritime surveillance and predictive intelligence systems. Its platform uses AI and analytics to monitor and analyze maritime activities in real time from various sources, such as satellite imagery, Automatic Identification System (AIS) data, and other maritime information. It is a contractor for Frontex, the European Border and Coast Guard Agency. In 2024, the company was acquired by FTV VIII, a private equity growth and expansion fund managed by FTV Capital.

Internal MISP references

UUID 2c3fddbd-ace9-47af-89ab-a2cf5eec4db9 which can be used as unique global reference for Windward in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://windward.ai/']

XCI

XCI is a provider of monitoring and communications intelligence, designed to support law enforcement agencies in interception capabilities. Through real-time data analysis, signal interception, and pattern recognition, XCI enables authorities to monitor, analyze, and interpret communications across various channels, including digital, voice, and networked systems.

Internal MISP references

UUID eaa4bc2f-b7ab-467c-880e-33f724322f9c which can be used as unique global reference for XCI in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://xci.dk/']

Xinjiang Lianhai Chuangzhi

Xinjiang Lianhai Chuangzhi Information Technology Co., Ltd. is a wholly-owned subsidiary of the China Electronics Technology Group Corporation (CETC), a large state-owned military contractor. The company supplies the Integrated Joint Operations Platform (IJOP) system, which is a major component in the region’s surveillance infrastructure. The IJOP is described in multiple reports as a "system of systems" that aggregates data from many sources: facial recognition cameras, CCTV, checkpoints, and a wide range of apps.

The company has built AI-powered checkpoint systems that can detect and track individuals, particularly Uyghurs, as they move around cities. These systems integrate facial recognition, cameras, and other biometric monitoring.

The U.S. Department of Commerce added the company to its Entity List on July 9, 2021, along with 13 other Chinese companies which were sanctioned for their involvement in human rights abuses and surveillance activities in Xinjiang.

Internal MISP references

UUID d0bdf4a1-d2b3-460b-a225-6361fed4f5f9 which can be used as unique global reference for Xinjiang Lianhai Chuangzhi in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

Xloong

Xloong is a Beijing-based augmented reality startup that develops surveillance smart glasses and helmets primarily for Chinese police and military forces. The surveillance glasses are equipped with cameras and embedded computer chips that enable sophisticated facial recognition capabilities. Officers wearing these devices can cross-reference faces in real-time against China's national database. The augmented reality technology superimposes virtual images and information directly onto the wearer's visual field, providing immediate alerts when matches are detected.

Internal MISP references

UUID 7104118e-a6c9-49d8-a59f-11cafdbcfdfa which can be used as unique global reference for Xloong in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.xloong.com/']

XRVision

XRVision, a company founded by Yaacov Apelbaum and Guy Ron, is a provider of AI-driven facial recognition and video analytics tools. The company has secured contracts with government agencies including the US Customs and Border Protection in 2019 to deploy its facial recognition technology at the US border. Services for that contract include: "software for wearable devices, mobile phones, tablets, and laptops, namely, software for matching human face images; Computer application software for wearable devices, mobile phones, tablets, and laptops for video analytics, namely, software for matching human faces and performing face recognition."

XRVision is also backed by Boundary Holding, a Luxembourg-based private equity firm led by Rajat Khare, who has a history of cyber-espionage through his firm Appin Security.

Apelbaum, XRVision's co-founder, has deep ties to the surveillance and intelligence industries. He previously served as Chief Technology Officer at AGT International, a Swiss-based firm that developed the Falcon Eye surveillance system for the UAE authorities.

Internal MISP references

UUID afa533f5-3074-4580-a7a7-145a0c067175 which can be used as unique global reference for XRVision in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

Xtend

Xtend is an Israeli drone manufacturer. Their Xtender is a miniature indoor drone controlled via virtual reality goggles, allowing operators to conduct intrusive surveillance missions. Their Scorpio drone is also designed for surveillance and combat. Equipped with cameras, sensors, and even lethal payloads, these drones use Xtend’s OSX operating system for human-assisted autonomy, enabling automated navigation and multi-drone coordination. The company works closely with the U.S Department of Defense as well as the Israeli military.

Internal MISP references

UUID 9d102828-ad16-4f58-83c3-9ceb0e70156a which can be used as unique global reference for Xtend in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.xtend.me/']

Xuexi Qiangguo

Xuexi Qiangguo, translated as "Study the Great Nation," is a mobile application launched by the Chinese government in early 2019. While initially promoted as an educational tool to promote Xi Jinping Thought and Party ideology, Xuexi Qiangguo has evolved into a multifaceted platform that also serves as a surveillance and monitoring tool. Beyond tracking user activities within the app, Xuexi Qiangguo also collects personal data to create detailed profiles of users for surveillance purposes. The app's gamified structure ties into China's broader social credit system, where positive engagement with Party propaganda content can contribute to a higher social credit score. Negative activities or associations can result in penalties, restrictions or imprisonment. The app was developed in collaboration with the Chinese tech giant Alibaba.

Internal MISP references

UUID b2b2977e-f101-4b8e-8b3e-f39364c2dad9 which can be used as unique global reference for Xuexi Qiangguo in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

XYZ Elements

XYZ Elements is an Israeli company that provides open source intelligence tools tailored for surveillance purposes. It operates under the leadership of Roy Shloman, a former executive at Senpai Technologies, another Israeli surveillance company. In 2019, XYZ Elements was integrated into Intellexa, the cyber intelligence alliance led by Tal Dilian, a former commander of Israel's Unit 8200.

Internal MISP references

UUID 7f7e4824-f28d-458f-bf97-77a985e89b20 which can be used as unique global reference for XYZ Elements in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.xyzelements.com/#rec217391205', 'https://www.xyzelements.com/']

YITU

YITU is a Chinese company that specializes in surveillance technology. The company has gained recognition for its advanced capabilities in facial recognition, so much so that it won first place in a 2017 facial recognition algorithm contest held by the United States government's Office of the Director of National Intelligence. Yitu provides high-tech surveillance in the UAE, where it maintains an office in Abu Dhabi. Yitu Limited owns or controls, directly or indirectly, Shanghai Yitu Technology Co., Ltd. (Yitu), an entity that operates or has operated in the surveillance technology sector of the economy of the PRC. Yitu has been involved in developing facial recognition technology that looks exclusively for Uyghurs and has been integrated into China’s rapidly expanding networks of surveillance cameras. In addition, Yitu has established an overseas office to export its surveillance technology to foreign law enforcement agencies. Yitu has gained wide recognition for its Dragonfly Eye System, a facial scanning platform that can identify a person from a database of at least 2 billion people in a matter of seconds.

Internal MISP references

UUID e9832475-a50c-4ada-9bbc-c5a6360a32b3 which can be used as unique global reference for YITU in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.yitutech.com/']

Yozmot

Founded by former Israeli army colonel Dany Tirza, Yozmot Ltd. develops body cameras equipped with facial recognition technology for Israeli forces. The company is headquartered in Kfar Adumim, a Jewish settlement in the occupied West Bank. The company claims its facial recognition software can scan crowds and detect individuals in realtime, even if their faces are obscured.

Yozmot's AI-powered biometric matching capabilities is powered by Corsight.

Internal MISP references

UUID 6eeb5ef9-3c90-4c5f-8347-482df9e7c71c which can be used as unique global reference for Yozmot in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

Zencity

Zencity is an Israeli data analytics company that helps local governments monitor public sentiment by analyzing social media, message boards, local news, and other public data sources. Serving over 200 agencies across the United States, its platform is used by U.S cities like Phoenix, New Orleans, and Pittsburgh to track public reactions to topics. It also enables police agencies to track negative sentiment toward law enforcement without residents' knowledge or consent.

The lack of public oversight in contracts with Zencity, often approved without city council input, has led to criticism that usage of the tool prioritizes surveillance over genuine community engagement.

Internal MISP references

UUID 71d82274-3d3f-47b5-809d-bb652cd0c85d which can be used as unique global reference for Zencity in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://zencity.io/']

Zenith Technologies

Zenith Technologies is a developer of AI-powered surveillance products. The company showcased its AI EagleEye Intelligent Patrol, integrated with Saudi Arabia's first Lucid police patrol vehicle, at the World Defense Show in Riyadh in 2024. This platform features six embedded AI cameras, providing 360-degree situational awareness, real-time streaming, Automatic Number Plate Recognition (ANPR), facial recognition, and other AI-powered data analytics designed for law enforcement. It also develops an AI-enabled drone, which extends surveillance capabilities from the patrol vehicle, and streams live footage and other data to a central command operated by police agencies.

The company deploys its tools to various agencies in the Gulf region, including Dubai Police and Ajman Police in the UAE, where it also has a regional office.

Internal MISP references

UUID e9db2af1-046b-4f97-ad67-d47054309a1e which can be used as unique global reference for Zenith Technologies in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://www.zenith.com.au/']

Zero Security

Zero Security Research Labs is a zero-day vulnerability reseller that also offers intelligence-gathering systems, including IMSI-catchers and Wi-Fi interception tools. One of their primary products, Xperia-Active, enables the capture of IMSI, IMEI, and TMSI data, as well as real-time communication interception. The company is founded by Andres Acosta, Azizjon Mamashoev, and James Grandoff, and is headquartered in Florida, USA.

Internal MISP references

UUID 25e735a1-b001-47cb-9ca3-ff0527b404bf which can be used as unique global reference for Zero Security in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

ZeroEyes

ZeroEyes is a AI-powered gun detection technology founded in 2018 by a team of Navy SEALs. The system integrates with existing security cameras to monitor video feeds 24/7, scanning for visible firearms. If a firearm is detected, the system sends human-verified alerts within 3-5 seconds to school administrators and law enforcement. The technology has been widely adopted in schools across nearly 40 U.S. states.

ZeroEyes was involved in a false alarm incident at a Texas high school, where its AI system incorrectly identified a threat and triggered a lockdown.

Internal MISP references

UUID 05730800-81c1-424a-a82c-1109b83e84b4 which can be used as unique global reference for ZeroEyes in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://zeroeyes.com/']

Zhongke Ronghui Security

Zhongke Ronghui Security Technology is a Chinese company that develops surveillance and forensic data extraction tools, including the XDH-5200A scanner used to retrieve data from mobile phones. Its products are widely deployed by police across 32 of China’s 33 provinces. Procurement records show major city police departments, including Beijing and Shanghai, have invested heavily in these tools. Zhongke Ronghui’s technologies support real-time data collection, social monitoring, and integration with broader surveillance systems such as facial recognition and AI-driven analytics.

Internal MISP references

UUID e9d09acd-5f97-46dc-9179-29df80fe9d00 which can be used as unique global reference for Zhongke Ronghui Security in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs []

Zignal Labs

Zignal Labs is a San Francisco-based big data analytics company that develops real-time media monitoring and business intelligence tools. Founded by Josh Grinsberg, the company enables clients to monitor, analyze and organize data from social media and other online platforms. In partnership with Qorvis Communications, a long-standing lobbying firm for Saudi Arabia, Zignal Labs has been contracted to provide surveillance activities on behalf of the Royal Embassy of Saudi Arabia.

In October 2025, it was revealed that ICE signed a $5.7 million contract for licenses to Zignal Labs' software. The platform is also utilized by the Israeli military and the Pentagon.

Internal MISP references

UUID 7da84101-7507-40de-ad95-baf9cd5fb287 which can be used as unique global reference for Zignal Labs in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
official-refs ['https://zignallabs.com/']