The identity of the group that helped the FBI access the encrypted data from San Bernardino shooter Syed Farook’s iPhone is still a mystery.

The common thinking now is that it was a group of anonymous “gray hats”–that is, security pros operating in the gray area between legit research and criminal hacking. But not so fast, say some in the security community; the mysterious helper might yet be Cellebrite, the Israeli security company originally thought to have cracked the phone for the FBI.

The FBI has contracted with the Sun Corporation subsidiary for $338,581 worth of gear and services since December 2, 2015—the date of the San Bernardino attack—according to Federal Procurement Data System records. Neither the FBI nor Cellebrite would say if this was indeed payment for the hack.

Cellebrite and other Sun Corporation companies are in the business of helping extract encrypted data from cell phones—like the iPhone 5C used by Farook, for instance.

The FBI won a court order in mid-February demanding Apple’s help in cracking the Farook phone. Apple refused, and so began a six-week testy exchange of court filings and public statements. The FBI finally abandoned the order on March 21, saying that a “third party” had come forward with a hack to gain access to the phone.

Interestingly, that very same day, the FBI issued a $15,278.02 purchase order for Cellebrite.

In a March 23 report in the Israeli newspaper Yedioth Ahronoth Cellebrite was identified as the party thought to have provided the FBI with the Farook phone hack. Over the following few days, stock of Cellebrite’s parent company, Sun Corporation, rose 20% on the Tokyo Stock Exchange.