Google Exposes the Dark Web of Spyware: A Call to Action Against Cyber Espionage

In its recent report, Google spotlighted the activities of various firms engaged in the development of spyware programs, urging the United States and its allies to intensify their efforts against the cyber espionage industry. The document asserts that while such programs are often marketed as national security tools for government entities, they are frequently utilized to hack into the phones of civil society members, political dissenters, and journalists.

Google’s Threat Analysis Group (TAG) has conducted a comprehensive analysis of Commercial Surveillance Vendors (CSV), tracking approximately 40 CSV companies of varying degrees of complexity and notoriety. The report details information about the developers, sellers, and users of spyware, the operational methods of CSVs, the types of products developed and sold, as well as an analysis of recent activities.

Google researchers point out that despite the widespread notoriety of the Israeli firm NSO Group and its spyware Pegasus, there exists a multitude of lesser-known organizations facilitating the spread of spy technologies for malicious purposes. According to Google, the private sector currently accounts for a significant portion of the most sophisticated hacking tools detected by experts.

These firms establish connections with state agencies, offering them an array of zero-day exploits based on vulnerabilities unknown to defensive mechanisms, as well as exploits for already known vulnerabilities requiring minimal user interaction, up to Zero-Click. Among the mentioned companies are the Italian Cy4Gate and RCS Labs, the Greek Intellexa, as well as the lesser-known Negg Group from Italy and Variston from Spain. It is noted that these firms offer phone hacking services and actively develop methods to circumvent the latest security measures implemented in iOS and Android operating systems by Apple and Google.

The report especially highlights that software discovered by Negg Group was used for surveillance in Italy, Malaysia, and Kazakhstan. It also points to Variston’s software, which infected devices through Google Chrome and Mozilla Firefox browsers or iOS applications.

Google’s report emerges amid the United States’ announcement of a new policy on visa restrictions for individuals misusing commercial spyware. This measure aims to limit the capabilities of spyware developers to operate within the US and to alter the incentive structure that fosters their growth.

Google calls for more decisive actions in the fight against the cyber espionage industry, emphasizing its importance for ensuring the safety of the internet for all users.