The business of cyberattacks is not always an underground operation, and selling exploits is sometimes done in broad daylight.
The commercial spyware industry is alive and thriving, according to a report released last week by Google's Threat Analysis Group (TAG).
Security researchers Benoit Sevens and Clement Lecigne of Google TAG said:
"Seven of the nine zero-day vulnerabilities our Threat Analysis Group discovered in 2021 fall into this category: developed by commercial providers and sold to and used by government-backed actors."
The report specifically details an Italian vendor, RCS Labs, and its "Hermit" surveillance malware (aka spyware) used on mobile phones. TAG researchers observed hacking campaigns that originated with unique links being sent to targets. After clicking the link, targets were prompted to download and install a malicious app on either iOS or Android.
"In some cases, we believe the actors worked with the target's ISP to disable the target's mobile data connectivity," the report says. "Once disabled, the attacker would send a malicious link via SMS asking the target to install an application to recover their data connectivity."
Google TAG has said it is actively tracking more than 30 such surveillance vendors in an effort to monitor and disrupt the burgeoning industry.
The report suggests that the primary driver of this trend is governments that are willing to pay for technological capabilities they are unable to develop themselves. The spyware tools are then used "for purposes antithetical to democratic values: targeting dissidents, journalists, human rights workers and opposition party politicians."
For more information, read the report from Google TAG.