WASHINGTON While serving as a top campaign aide to Donald Trump , former national security adviser Michael Flynn made tens of thousands of dollars on the side advising a company that sold surveillance technology that repressive governments used to monitor activists and journalists.

Flynn, who resigned in February after mischaracterizing his conversations with the Russian ambassador to the U.S., has already come under scrutiny for taking money from foreign outfits. Federal investigators began probing Flynns lobbying efforts on behalf of a Dutch company led by a businessman with ties to the Turkish government earlier this year. Flynns moonlighting wasnt typical: Most people at the top level of major presidential campaigns do not simultaneously lobby for any entity, especially not foreign governments. Its also unusual for former U.S. intelligence officials to work with foreign cybersecurity outfits.

Nor was Flynns work with foreign entities while he was advising Trump limited to his Ankara deal. He earned nearly $1.5 million last year as a consultant, adviser, board member, or speaker for more than three dozen companies and individuals, according to financial disclosure forms released earlier this year .

Two of those entities are directly linked to NSO Group, a secretive Israeli cyberweapons dealer founded by Omri Lavie and Shalev Hulio, who are rumored to have served in Unit 8200, the Israeli equivalent of the National Security Agency.

Flynn received $40,280 last year as an advisory board member for OSY Technologies, an NSO Group offshoot based in Luxembourg, a favorite tax haven for major corporations. OSY Technologies is part of a corporate structure that runs from Israel, where NSO Group is located, through Luxembourg, the Cayman Islands, the British Virgin Islands, and the U.S.

Flynn also worked as a consultant last year for Francisco Partners, a U.S.-based private equity firm that owns NSO Group, but he did not disclose how much he was paid. At least two Francisco Partners executives have sat on OSYs board.

Flynns financial disclosure forms do not specify the work he did for companies linked to NSO Group, and his lawyer did not respond to requests for comment. Former colleagues at Flynns consulting firm declined to discuss Flynns work with NSO Group. Executives at Francisco Partners who also sit on the OSY Technologies board did not respond to emails. Lavie, the NSO Group co-founder, told HuffPost he is not interested in speaking to the press and referred questions to a spokesman, who did not respond to queries.

Many government and military officials have moved through the revolving door between government agencies and private cybersecurity companies. The major players in the cybersecurity contracting world SAIC, Booz Allen Hamilton, CACI Federal and KeyW Corporation all have former top government officials in leadership roles or on their boards, or have former top executives working in government.

But its less common for former U.S. intelligence officials to work with foreign cybersecurity outfits. There is a lot of opportunity in the U.S. to do this kind of work, said Ben Johnson, a former NSA employee and the co-founder of Obsidian Security. Its a little bit unexpected going overseas, especially when you combine that with the fact that theyre doing things that might end up in hands of enemies of the U.S. government. It does seem questionable.

What is clear is that during the time Flynn was working for NSOs Luxembourg affiliate, one of the companys main products a spy software sold exclusively to governments and marketed as a tool for law enforcement officials to monitor suspected criminals and terrorists was being used to surveil political dissidents, reporters, activists, and government officials. The software, called Pegasus, allowed users to remotely break into a targets cellular phone if the target responded to a text message.

Last year, several people targeted by the spyware contacted Citizen Lab, a cybersecurity research team based out of the University of Toronto. With the help of experts at the computer security firm Lookout, Citizen Lab researchers were able to trace the spyware hidden in the texts back to NSO Group spyware. After Citizen Lab publicized its findings, Apple introduced patches to fix the vulnerability. It is not known how many activists in other countries were targeted and failed to report it to experts.

NSO Group told Forbes in a statement last year that it complies with strict export control laws and only sells to authorized government agencies. The company does NOT operate any of its systems; it is strictly a technology company, NSO Group told Forbes.

But once a sale is complete, foreign governments are free to do what they like with the technology.

The government buys [the technology] and can use it however they want, Bill Marczak, one of the Citizen Lab researchers, told HuffPost. Theyre basically digital arms merchants.

The month before Flynn joined the advisory board of OSY Technologies, NSO Group opened up a new arm called WestBridge Technologies, Inc. , in the D.C. region. (The company was originally registered in Delaware in 2014, but formed in Maryland in April 2016.) Led by NSO Group co-founder Lavie, WestBridge is vying for federal government contracts for NSO Groups products. Hiring Flynn would provide NSO Group with a well-connected figure in Washington, to help get its foot in the door of the notoriously insular world of secret intelligence budgeting.

When youre trying to build up your business, you need someone who has connections, someone who is seen as an authority and a legitimate presence, Johnson said. Hiring someone with Flynns background in intelligence would open up doors that they wouldnt have had access to, Johnson said.

Throughout 2016, Flynn worked for a number of cybersecurity firms personally and through his consulting firm, Flynn Intel Group. In addition to his advisory board seat at OSY Technologies, he sat on the board of Adobe Systems, a large software company with Pentagon contracts, and the boards of the cybersecurity companies GreenZone Systems and HALO Privacy . (Though Flynn described himself as an Adobe advisory board member in his financial disclosure paperwork, the group said in a statement that he provided only periodic counsel to Adobes public sector team.)

Prominent human rights activists and political dissidents have reported being targeted by NSOs technology. On August 10, 2016, Ahmed Mansoor, an internationally recognized Emirati human rights activist, received a text message prompting him to click a link to read new secrets about detainees abused in UAE prisons. He got a similar text the next day. But Mansoor, who had already been repeatedly targeted by hackers, knew better than to click the links. Instead, he forwarded the messages to Citizen Lab.

Citizen Lab soon determined that NSO Groups malware exploited an undisclosed mobile phone vulnerability, known as a zero-day exploit, that enabled its customers that is, foreign governments to surveil a targets phone after the target clicked the link included in the phishing text message. If Mansoor had clicked that link, his phone would have become a digital spy in his pocket, capable of employing his phone camera and microphone to snoop on activity in the vicinity of the device, recording his WhatsApp and Viber calls, logging messages sent in mobile chat apps, and tracking his movements, Citizen Lab wrote in a report.