Over 100 Governments Now Have Access to Commercial Spyware, UK Intelligence Warns
NCSC reveals barrier to hacking tools has fallen, with spyware increasingly targeting bankers and businesspeople beyond traditional suspects like journalists and critics
L'essentiel
- National Cyber Security Centre will reveal Wednesday that more than half of the world's governments—approximately 100 countries—now have access to commercial spyware capable of breaking into computers and phones to steal sensitive information.
- This represents an increase from 80 countries estimated in 2023.
- The tools, developed by companies like NSO Group (Pegasus) and Paragon (Graphite), were originally marketed for targeting criminal and terror suspects but have been misused to target journalists, critics, and political adversaries.
Résumé généré par IA
Pourquoi c'est important
Commercial spyware developed by private companies like NSO Group's Pegasus and Paragon's Graphite relies on exploiting security flaws in software to break into devices. While governments claim these tools target criminal and terror suspects, human rights defenders have documented widespread misuse against journalists, critics, and political adversaries. The UK intelligence report marks the first official acknowledgment that victimology has expanded beyond these traditional targets to include bankers and wealthy businesspeople.
More than half of the world's governments have access to commercial spyware that can break into computers and phones to steal sensitive information, according to U.K. intelligence. The U.K. National Cyber Security Centre plans to reveal its findings Wednesday, according to Politico. The report suggests that the barrier to access this type of surveillance technology has fallen, potentially making it easier for foreign governments and hackers to target U.K. citizens, companies, and critical infrastructure with spyware. It's also an increase in the number of countries with access to these type of hacking tools, to 100, up from the 80 countries U.K. intelligence estimated in 2023. Commercial spyware, developed by private companies like NSO Group's Pegasus and Paragon's Graphite, often relies on exploiting security flaws in phone and computer software to break into the devices and steal the data within. While governments have claimed that they only use spyware against top criminal and terror suspects, security researchers and human rights defenders have long warned that governments have misused spyware to target their critics and political adversaries, including journalists. U.K. intelligence now says that the victimology has "expanded" in recent years to include bankers and wealthy businesspeople. Richard Horne, who runs the U.K. National Cyber Security Centre, said in a speech at the CYBERUK conference in Glasgow that British companies are "failing to grasp the reality of today's world," per a pre-released copy of his speech seen by TechCrunch. Horne said that the majority of nationally significant cyberattacks targeting the United Kingdom has originated from foreign adversarial governments, rather than cybercriminal gangs. The U.K., along with several other countries, also continues to experience China-linked intrusions aimed at stealing sensitive data, spying on high-profile individuals, and setting the groundwork for potentially disruptive hacks to stall a Western military response ahead of an anticipated Chinese invasion of Taiwan. The spyware threat facing the U.K. is not just from governments, but also cybercriminals with access to these tools. Earlier this year, a hacking toolkit dubbed DarkSword, containing several exploits capable of hacking into modern iPhones and iPads, leaked online. The tools allowed anyone to set up websites capable of hacking Apple customers who had not yet updated to the most recent version of its mobile software.
À surveiller
Perspective IA — des possibilités, pas des certitudes
More countries will publicly acknowledge spyware threats and potentially announce regulatory measures
Probable · En quelques mois
Additional details on China-linked intrusions targeting UK infrastructure will emerge
Probable · En quelques semaines
Questions ouvertes
- Which specific countries have acquired commercial spyware since 2023
- What are the exact capabilities of the DarkSword toolkit
- How many UK companies or individuals have been targeted by foreign spyware
- What specific China-linked intrusions has the UK experienced






