SpyLedger dossier · Mercenary spyware

Positive Technologies

Russian information-security firm headquartered in Moscow. The legal entity on the OFAC SDN List is AKTSIONERNOE OBSHCHESTVO POZITIV TEKNOLODZHIZ (a.k.a. JSC Positive Technologies / Pozitiv Teknolodzhiz, AO), Russia Tax ID 7718668887, address d. 23A pom. V kom, 30, shosse Shchelkovskoe, Moscow 107241. Operates ptsecurity.ru and ptsecurity.com. The firm markets commercial defensive security products (MaxPatrol, PT Application Firewall, NDR/SIEM), but US authorities designated it for trafficking in cyber exploits and for supporting Russian intelligence services. Per the US government's stated rationale (Treasury press release JY0127, 15 April 2021), the firm provides computer-network security solutions to Russian businesses, foreign governments, and international companies, and hosts large-scale conventions (Positive Hack Days) characterized by Treasury as recruiting events for the FSB and GRU; this reflects the government's designation rationale, not any independently asserted customer or deployment claim. NOTE on silo: the task hint suggested 'dpi-censorship,' but that is not supported by the evidence. Both US designations describe trafficking in offensive cyber exploits/tools (the November 2021 Entity List action grouped the firm with NSO Group and Candiru), so 'mercenary-spyware' is the accurate enum value.

Headquarters: Russia

Products

  • Vulnerability research and exploit development
  • MaxPatrol (vulnerability and compliance management / SIEM)
  • PT Application Firewall (web application firewall)
  • PT Application Inspector (application security testing)
  • PT Network Attack Discovery (NDR)
  • MaxPatrol SIEM
  • PT Sandbox (malware detection)
  • Positive Hack Days (PHDays) security conference

Government designation status

2 active designations from the surveyed authorities. Each is a public government record with a different legal effect — read the type label and scope on each.

US OFAC · Sanction (asset-blocking) · Specially Designated Nationals (SDN) List (SDN entry program tags: RUSSIA-EO14024; CAATSA - RUSSIA; CYBER2; NPWMD) · 2021-04-15

Property within US jurisdiction is blocked and US persons are generally prohibited from dealings (e.g. OFAC SDN List).

Full blocking sanction. AKTSIONERNOE OBSHCHESTVO POZITIV TEKNOLODZHIZ (a.k.a. JSC Positive Technologies; Pozitiv Teknolodzhiz, AO), Tax ID 7718668887, was added to the OFAC SDN List on 15 April 2021. All property and interests in property subject to US jurisdiction are blocked and US persons are generally prohibited from transactions with the entity. The current SDN entry (Sanctions List Search id=31455) carries the program tags RUSSIA-EO14024; CAATSA - RUSSIA; CYBER2; NPWMD (verified verbatim). On the announcement date, Treasury press release JY0127 stated the firm was designated pursuant to E.O. 13694 (the CYBER2 tag), E.O. 13382 (the NPWMD tag), and CAATSA for providing support to the FSB; E.O. 14024 was the broad new Russia authority signed the same day and the SDN entry also carries the RUSSIA-EO14024 tag. This is a blocking sanction, not an export-only or investment-only restriction. Verified against the OFAC Sanctions List Search entry and Treasury press release JY0127.

OFAC Sanctions List Search - AKTSIONERNOE OBSHCHESTVO POZITIV TEKNOLODZHIZ (id 31455)

US BIS · Export control · Entity List (Export Administration Regulations); final rule 'Addition of Certain Entities to the Entity List,' 86 FR 60759, FR document 2021-24123 (RIN 0694-AI64) · 2021-11-04

A license is required to export US-origin items/technology to the entity, typically reviewed under a presumption of denial (e.g. BIS Entity List). It is not an asset freeze.

Export-control listing, not a financial blocking sanction. Effective 4 November 2021 (announced 3 November 2021), BIS added Positive Technologies (Russia) to the Entity List for engaging in activities contrary to US national security, specifically trafficking in cyber tools used to gain unauthorized access to information systems. The listing imposes a license requirement for all items subject to the EAR, a license review policy of presumption of denial, and no available license exceptions. It restricts US-origin exports, reexports, and in-country transfers to the firm; it does not by itself block property or prohibit all dealings the way an OFAC SDN designation does. The firm was added in the same final rule as NSO Group, Candiru, and Computer Security Initiative Consultancy PTE. LTD. (COSEINC, Singapore). Verified against the Federal Register final rule (govinfo mirror of FR document 2021-24123, 86 FR 60759-60761), corroborated by the Commerce/BIS press release and the US State Department statement.

Federal Register: Addition of Certain Entities to the Entity List (86 FR 60759, 4 Nov 2021)

Both designations are independently corroborated by primary US-government sources: the OFAC Sanctions List Search entry (id=31455) and Treasury press release JY0127 for the 15 April 2021 SDN listing; and the Federal Register final rule (govinfo mirror of FR document 2021-24123, 86 FR 60759-60761), the Commerce/BIS press release, and the US State Department statement for the 4 November 2021 Entity List addition. Two corrections were applied during adversarial verification: (1) the OFAC scopeNote no longer asserts E.O. 14024 as 'the primary basis announced that day' because Treasury press release JY0127 states the firm was designated pursuant to E.O. 13694, E.O. 13382, and CAATSA, although the current SDN entry also carries the RUSSIA-EO14024 program tag; (2) the BIS RIN was corrected from 0694-AI66 to 0694-AI64 per the Federal Register text. Positive Technologies is NOT on the FCC Covered List (verified: the only Russia-related entries are the two Kaspersky legal entities, Kaspersky Lab, Inc. and AO Kaspersky Lab), so no equipment_authorization entry applies. No Treasury NS-CMIC (investment_restriction) listing was found for this entity. No evidence was found that either the OFAC SDN designation or the BIS Entity List designation has been removed as of June 2026; both appear to remain in force (the OFAC entry was present on the SDN List as of the 22 June 2026 list update). The record contains no customer/deployment claims (client references are the US government's own designation rationale) and no victim or personally identifiable information.

This dossier restates public government-designation records; it is not an allegation of wrongdoing by AI Analytics, and it publishes no customer-deployment claims or targeting data. A designation describes a specific legal action by a named authority — read its scope; an export control, an equipment-authorization restriction, and an asset-blocking sanction are not the same thing. To dispute or correct an entry, contact us (see the methodology). Status current as of the 2026-06-23 build — confirm against the linked primary source.