Government-grade spyware, once sold as a scalpel for counterterrorism, has become a surgical tool stretching far beyond its advertised purpose. Journalists, activists and political opposition figures have been targeted with the tools, and even local political consultants are finding themselves in the sights of a newly empowered police state eager to use its hacking authority as leverage over those who dare to speak out.
The surge isn’t just anecdotal. Citizen Lab, Amnesty International’s Security Lab and a media consortium have exposed a broadening pattern of abuse across democracies and autocracies. The consequence is a cold reality: if you are wired, you are a target.

How the Business Model Promotes Overreach
Commercial spyware is not sold like traditional enterprise software; it’s licensed per target with tiers by capacity. Leaked sales materials from the now-defunct Hacking Team and other purveyors offered packages at both ends of that spectrum — a few concurrent targets on one end, virtually unlimited “surveillance seats” on the other, giving an obvious incentive to cast the net more widely.
After a public agency pays the large upfront fee, the marginal cost of adding more people is low. That pricing dynamic, along with scant external oversight, allows operators to slide from “only terrorists” into “anyone interesting,” including minor political rivals and unfriendly reporters.
Zero-Click Exploits Remove Friction From Intrusions
On a technical level, the attacks are now disturbingly easy. Sophisticated spyware often uses zero-click exploits in popular software like iMessage and WhatsApp. Cases like FORCEDENTRY and BLASTPASS, detailed by Citizen Lab and confirmed as legitimate by device manufacturers, demonstrated that a hidden message could take over a device without anyone clicking on anything.
Vendors commodify that complexity behind point-and-click dashboards. The operators type in a phone number or an Apple ID, and the platform links up exploit and payload delivery. It may appear to be a marketing CRM; the result is complete device compromise — mic, camera, files and real-time location.
Evidence of Government Spyware Abuse Worldwide
The Pegasus Project, coordinated by a global media consortium with technical support from Amnesty International’s Security Lab, identified tens of thousands of phone numbers as possible targets of Pegasus clients, indicating a much larger scale at which such tools were lined up for surveillance. Not all the numbers corresponded to confirmed infections, though follow-up forensics corroborated much of the list.
Citizen Lab recorded at least 65 infections or targeting attempts against organizations and politicians in Catalan civil society, while rights groups tracked up to 35 journalists and activists in El Salvador who were targeted using Pegasus. Morocco, the United Arab Emirates and Saudi Arabia have all been repeatedly implicated by multiple independent reports in such surveillance of dissidents and reporters.
Google’s Threat Analysis Group has said it is monitoring more than 40 commercial surveillance vendors globally and that these companies fuel a constant stream of in-the-wild zero-day exploits. And annual reviews by Project Zero also demonstrate that commercial vendors are well represented among modern mobile exploit chains.

Accountability Gaps and Secrecy in Procurement
Procurement is typically veiled in secrecy and national security carve-outs. Contracts are confidential; judicial oversight, where it exists, is opaque; and reporting requirements are deficient or nonexistent. Sellers need to be bound by strong NDAs and governments rarely disclose usage, let alone inform targets afterward.
That opacity provides an environment near perfectly suitable for abuse. Even when misuse is found — via forensic work by universities and NGOs — governments can always disavow responsibility, point to rogue operators or simply sunset one vendor only to bring on another under a new brand with less public scrutiny.
Regulators Push Back, But the Market Quickly Adjusts
There has been movement. The United States issued an executive order limiting the federal government’s contracting of commercial spyware that poses national security and human rights risks and announced sanctions against companies like NSO Group, Candiru, Cytrox and Intellexa. A coalition led by the United Kingdom and France, spanning both sides of the Atlantic, demanded tighter regulation of the spyware trade, while a European Parliament committee, PEGA, named widespread abuses and called for reform.
Some companies say they have cut off abusive customers; NSO has acknowledged disconnecting certain government clients, and Paragon has said it drops them if oversight is declined. Device makers are also bolstering defenses — Apple introduced Lockdown Mode for high-risk users, and has alerted people to suspected state-sponsored attacks in more than 150 countries since 2021.
Why More People Keep Getting Hit by Spyware Attacks
Three factors continue to expand the victim pool. First, capacity-based licensing promotes the widest use. Second, zero-click exploits reduce operator effort to nearly nothing, turning what had been “selective” spying into a volume business. Third, the cost of being caught can be low when the criminal process is not transparent and oversight is weak; hence temptation rises and deterrence falls.
Until the oversight includes effective target auditing, post-use warning and enforceable punishment — along with export controls that actually bite — the economics favor overreach. The market for it is multibillion-dollar, and growing, and vendors will continue to sell it if any government will keep typing a number into a console.
Bottom Line for Vulnerable and At-Risk Communities
For journalists, activists and political organizers, the threat is structural, not personal. Risk-reduction measures such as enabling Lockdown Mode, keeping devices fully updated and siloing work from personal communications can help, but they cannot fix a supply chain that was built for quiet, scalable intrusion.
The dynamic behind today’s wave of government spyware hacks is not a mystery but math: Low friction plus high capacity and minimal accountability has produced more targets. Short of that equation being altered, the list of victims can be expected to expand.