Pegasus has reportedly been used by nation states to target the phones of rights activists and journalists.
The US has now put its maker, NSO Group, on its “entity list”, banning business dealings with them.
NSO Group said it was “dismayed” by the decision, adding that its technology helped maintain US national security by “preventing terrorism and crime”.
It has long maintained that its software is sold only to military, law enforcement and intelligence agencies from countries with good human rights records.
But earlier this year, it was accused of having sold its technology to authoritarian governments, which then targeted innocent people.
“We look forward to presenting the full information regarding how we have the world’s most rigorous compliance and human rights programs that are based on the American values we deeply share, which already resulted in multiple terminations of contacts with government agencies that misused our products,” the company said in a statement.
However, US officials said that NSO Group and another Israeli firm, Candiru, had acted “contrary to the national security or foreign policy interests of the United States”.
On the face of it this is a surprising move by the US government.
The US and Israel are close allies, with their respective cyber-experts having co-operated, for example, to restrain Iran’s nuclear programme.
But the Pegasus military-grade spyware developed and sold by Israel’s NSO Group has emerged as a formidable cyber-weapon, used by some of its more autocratic customers in the Middle East to target a wide range of people, not just criminals and terrorists.
Journalists, lawyers, peaceful activists and even a member of the UK’s House of Lords have all had their phones secretly infected with malware that allows the customer to read every message, access all their data and even remotely turn on the microphone without the owner’s knowledge.
The US Commerce Department said the decision was “based on evidence that these entities developed and supplied spyware to foreign governments that used these tools to maliciously target government officials, journalists, business people, activists, academics and embassy workers.
“These tools have also enabled foreign governments to conduct transnational repression, which is the practice of authoritarian governments targeting dissidents, journalists and activists outside of their sovereign borders to silence dissent. Such practices threaten the rules-based international order,” it said.
It also said the announcements were part of President Biden’s efforts to “stem the proliferation of digital tools used for repression”.
A Russian and a Singaporean company – which created hacking tools – were also added to the US trade blacklist.
Separately, the US State Department said it would not be taking action against Israel, Russia or Singapore, based on the actions of the individual companies.