Israeli hackers-for-hire firm NSO Group is having a rough year. Alongside a suit by Facebook over the alleged hacking of their messaging application WhatsApp, the credit rating firm Moody’s recently downgraded the cyberattack company’s status due to a decline in the business.
In February 2019, the company’s founders and a private investment fund jointly bought control of NSO at a valuation of $1 billion. But to conclude the deal, the founders, Shalev Hulio and Omri Lavie, took out $500 million in loans from two banks. These loans are rated by credit rating firms, who estimate the quality of the debt and its chances of being repaid.
Moody’s said at the end of last month that it downgraded the company’s rating from B2 to B3, adding that its outlook remains negative. The report said most of the debt is supposed to be repaid in March 2025.
The reasons for the downgrade were that the company’s business has weakened and its liquidity has declined. NSO was “heavily impacted by the coronavirus pandemic in 2020 when new license sales slowed down due to travel restrictions and slower sales processes,” it explained.
Sensitive products like NSO’s software generally aren’t made available via the web and remote cloud services. Rather, they have to be physically installed for the customer.
“We do not expect a swift recovery of the company's revenues and profitability in the next 12 months,” the report added. Moody’s also warned that NSO may not meet its so-called debt covenants - the timeline for repaying parts of the money lent. In the case that its debtors do not extend the covenant or offer them a temporary waiver, NSO could find itself defaulting on the loans.
Moreover, Moody’s said, after several strong years, the company’s cash flow was negative in 2020 due to a decline in overall revenues. However, it is worth noting that when the pandemic hit, NSO decided not to downsize its staff. Not only did they not fire any employees, they also did not put any of them on unpaid leave during the coronavirus crisis.
- Israeli spyware firm vows transparency after rights groups claim it’s not acting in ‘good faith’
- Secretive Israeli cyber firm selling spy-tech to Saudi Arabia
- Controversial Israeli spyware firm NSO eyes public listing, CEO may step down
Moreover, NSO is now also making efforts to expand its portfolio of products, which currently focus on hacking cellphones, to include defense against drones, analytical programs and more.
In its report, Moody’s also revealed some information about NSO, both financial and nonfinancial. It said the company operates in Israel, Bulgaria and Cyprus and has 750 employees. It also has 60 customers in 35 countries.
NSO reported revenues of $243 million in 2020 and EBITDA, or earnings before interest, taxes, depreciation and amortization, of $99 million, the report said. This means its EBITDA came to around 40 percent of revenues. The company’s last ratings report, in 2018, put its revenues at $251 million and its EBITDA at 48 percent.
In March, the Guardian reported that Novalpina, the investment fund which co-owns NSO, is also going through a rough patch. The British daily said a battle for control is taking place among the partners over voting rights. NSO is the fund’s biggest holding.
NSO said that since January 2020, it has hired 280 people “to support our trend of accelerated growth, which is reflected in part in investments in a series of new products, including unique technology for dealing with the threat of drones, analytical products and a system for identifying and severing chains of infection during the coronavirus period.
“These products were developed by identifying market trends and analyzing needs of the company’s customers for a range of solutions in order to cope with the challenges they face,” it continued. “To this end, the company has spent significant sums on research and development, whose contribution to a growth in the company’s earnings will be reflected over the course of years.”
NSO is eying an initial public offering, and if it does so, its CEO Hulio will step down. Hulio, who founded the firm known for its Pegasus software, informed employees in March that if he resigned as CEO, he would stay on in some other capacity.
Pegasus is designed to break into mobile phones, bypass detection and mask its activity. The malware infiltrates phones to extract personal and location data and surreptitiously control the smartphone’s microphones and cameras.
In reviewing the company’s recent achievements, Hulio said at the time that NSO has two possible paths to a future injection of major funding – an investment from a private investor or an initial public offering. There have been reports in the past of plans to have NSO go public through a merger with a special purpose acquisition company, or SPAC, a shell company that is publicly listed with an eye to acquiring a private firm.
Hulio said NSO’s value would be expected to increase substantially whether it gets an infusion of cash from a private investor or through a SPAC. The SPAC route could enable NSO to avoid the usual institutional investor “road show.” NSO and companies like it, which operate in the somewhat shadowy hacker-for-hire area of cyber technology, frequently have a hard time raising funds, if for no other reason than the negative press that they attract.
Facebook is suing the NSO Group in U.S. federal court for allegedly targeting users of its encrypted messaging service WhatsApp with Pegasus spyware. A coalition of the world’s leading technology corporations, including Microsoft, Google, Cisco and LinkedIn, have filed an amicus brief in support of Facebook.
Citizen Lab, which is based at the University of Toronto, has claimed that NSO may have hacked the phones of dozens of human rights activists around the world as well as journalists from Qatar-based Al-Jazeera television. An international investigative journalism collaborative organized by Forbidden Stories recently also suggested that the firm’s technology may have also reached drug cartels in Mexico after it was sold to local police forces. NSO denied the allegations.