ACCORDING to Threat Analysis Group, the new Buying Spying report documents the rise of commercial surveillance vendors and the industry that threatens free speech, the free press and the open internet. TAG states it actively tracks around 40 Commercial Surveillance Vendors (CSVs) of varying sophistication and exposure, and the report outlines who develops, sells and deploys spyware, how CSVs operate, the products they sell, and recent activity.
Four primary groups have found it profitable to work together: vulnerability researchers and exploit developers; exploit brokers and suppliers; Commercial Surveillance Vendors (CSVs) or Private Sector Offensive Actors (PSOAs); and government customers who purchase spyware and craft campaigns. The piece notes the private sector now circuits a significant portion of the most advanced tools, and that CSVs are behind half of known 0-day exploits targeting Google products and Android devices.
It also highlights international efforts to combat spyware, including the Pall Mall Process co-hosted by France and the UK, and references steps taken by the US Government to limit government use of spyware and an international joint statement.