Sanctions - wrong fix.
The department's Bureau of Industry and Security (BIS) added Israel-based firms NSO Group and Candiru to its Entity List "based on evidence that these entities developed and supplied spyware to foreign governments that used these tools to maliciously target government officials, journalists, businesspeople, activists, academics, and embassy workers."
So no warning to all 'government officials, journalists, businesspeople, activists, academics, and embassy workers' that the very existence of NSO etc as businesses means that it is possible, with a bit of effort, to snoop on their phones or computers and not to trust the security of these devices. Instead of which we get told that NSO are the bad guys for making it possible.
It is possible to subvert these devices. If NSO etc don't do it then someone else will. The fix is to plug the security holes and/or not rely on insecure devices - no matter how inconvenient that might be.