September 6, 2024 at 03:49PM Efforts by the US and other governments to curb NSO Group’s Pegasus and Intellexa Consortium’s Predator spyware have largely failed, leading the spyware retailers to improve evasion tactics. While recognized as a threat to human rights, sanctions have been circumvented, with spyware sales persisting. The spyware market is concentrated in … Read more
August 30, 2024 at 01:05PM Google’s Threat Analysis Group (TAG) discovered a series of exploit campaigns perpetrated by a Russian-backed threat actor targeting the Mongolian government websites, delivering mobile exploits previously utilized by commercial spyware vendors Intellexa and NSO Group. The campaigns aimed to hijack visitors’ devices by exploiting iOS and Chrome vulnerabilities, posing an … Read more
August 29, 2024 at 09:05AM Between November 2023 and July 2024, the Russian state-sponsored APT29 group, also known as “Midnight Blizzard,” utilized iOS and Android exploits in cyberattacks on Mongolian government websites. Google’s Threat Analysis Group identified the group’s use of n-day flaws that remain effective on devices not updated. APT29’s exploits overlapped with those … Read more
February 7, 2024 at 03:39AM The commercial spyware economy is thriving despite government and big tech crackdowns. Google’s Threat Analysis Group discovered numerous smaller surveillance vendors in addition to major players like NSO Group and Intellexa. Western governments are taking steps to curb the $12-billion-a-year industry, but the spyware business continues to grow. The lack … Read more
February 6, 2024 at 12:29PM Commercial spyware vendors were responsible for 80% of the zero-day vulnerabilities uncovered by Google’s Threat Analysis Group in 2023, enabling global device surveillance. Google monitors 40 vendors to detect exploitation attempts, finding that 35 of 72 zero-day exploits over the last decade targeted its products. Notable vendors include Cy4Gate, RCS … Read more
February 6, 2024 at 06:18AM A recent report from Google revealed that over 60 zero-day vulnerabilities in Apple, Adobe, Google, Microsoft, and Mozilla products since 2016 are linked to commercial spyware vendors. These companies allegedly aid governments in targeting individuals, contradicting claims of lawful surveillance. The vendors pay millions for exploits, and Google’s Threat Analysis … Read more
February 6, 2024 at 05:07AM Summary: Governments’ increased interest in spying on activists and dissidents has led to a surge in commercial spyware vendors (CSVs). These vendors exploit zero-day vulnerabilities and provide end-to-end surveillance capabilities for substantial sums. Google’s report highlights the concerning growth of CSV operations globally, prompting the Biden Administration to issue an … Read more