Google's threat analysis team announces that most zero-day vulnerabilities involved 'commercial spyware vendors'



Google's Threat Analysis Team (TAG) announced on February 6, 2024 that private spyware developers were involved in 80% of zero-day vulnerabilities exploited to spy on Google products. In response to this growing risk, governments around the world are accelerating efforts to prevent the spread of commercial spyware.

New Google TAG report: How Commercial Surveillance Vendors work

https://blog.google/threat-analysis-group/commercial-surveillance-vendors-google-tag-report/

Google says spyware vendors behind most zero-days it discovers
https://www.bleepingcomputer.com/news/security/google-says-spyware-vendors-behind-most-zero-days-it-discovers/

UK, France pitch rules to curb spyware abuse – POLITICO
https://www.politico.eu/article/uk-france-pitch-rules-to-curb-spyware-abuse/

US announces visa ban on those linked to commercial spyware
https://www.bleepingcomputer.com/news/security/us-announces-visa-ban-on-those-linked-to-commercial-spyware/

At the forefront of global politics, commercial spyware is used to monitor important figures such as journalists, activists, and politicians, and its impact casts a shadow over society as a whole by infringing on freedom of speech and the press and interfering with fair elections.



TAG, which has monitored 40 commercial spyware vendors (CSVs), announced that out of 72 known zero-day exploits affecting Google products over the past 10 years, 35 could be attributed to CSVs.

The following five CSVs deserve particular attention.

・Cy4Gate and its subsidiary RCS Lab: This CSV is an Italian company known for the spyware 'Epeius' and 'Hermit' for Android and iOS.
・Intellexa: A spyware company led by Israeli engineer Tal Dilian. He is also on the US government's blacklist.
・Negg Group: An Italian CSV founded in 2013, known for its malware Skygofree and spyware VBiss, which target mobile devices through exploit chains.
・NSO Group: An Israeli company famous for the spyware Pegasus, which has been described as the "fabled holy grail that hackers have been searching for." It continues to operate despite numerous sanctions and lawsuits.
・Variston: A Spanish CSV that is characterized by the provision of customized security solutions. It has been pointed out that it is involved in the commercial exploit 'Heliconia' and is expanding its influence in the United Arab Emirates (UAE).

According to Google, of the 74 zero-days exploited by 11 CSVs, 24 affected Google Chrome, 20 affected Android, 16 affected iOS, and 6 affected Windows.



Commercial exploits have become big business, and governments are rushing to create regulatory frameworks to address the threat. On February 6, 2024, the British and French governments announced the establishment of international guidelines for the responsible use of spyware.

Signatories to the international rule-making pledge include EU member states Belgium, Czech Republic, France, Greece, Italy, and Poland, as well as allies the United States, United Kingdom, and African Union. Industry participants include Apple, Google, Meta, Microsoft, and British defense company BAE Systems.

Separately, on February 5th, the US government issued sanctions banning visas for individuals involved in commercial spyware misuse.

The policy reflects the stance of the Joe Biden administration, which takes the proliferation of commercial spyware seriously, with Secretary of State Antony J. Implement new policies that allow for the imposition of restrictions. Such targeting has been linked to arbitrary detention, enforced disappearances, and extrajudicial killings, and threatens the security and espionage of U.S. military personnel. It also poses a threat to preventive measures," he said, criticizing CSV.

in Security, Posted by log1l_ks