Commercial Spyware Policy Debate Amid Shifting US Enforcement
US policy toward the commercial spyware industry is facing renewed scrutiny as sanctions, contract decisions, and legal actions send mixed signals about how aggressively Washington intends to constrain vendors linked to surveillance abuse. Dark Reading reports that opponents of the spyware market fear recent moves — including rescinded sanctions and reactivated government contracts — could weaken pressure on firms whose tools have been used against journalists, activists, political figures, and officials, even after a Greek court convicted figures tied to the Predator spyware scandal.
The broader policy discussion also reflects concern that governments are emphasizing disruption of cybercrime while easing pressure on software and security accountability elsewhere. A CyberScoop opinion piece argues that recent US action has focused on raising costs for cyber-enabled fraud operators, but that rollback of prior federal software supply-chain assurance measures risks leaving systemic weaknesses unaddressed. A weekly roundup mentioning multiple unrelated incidents, including an alleged Handala attack on Stryker and an Aadhaar bug bounty, does not describe the same spyware-policy story and should be excluded.
Timeline
Apr 22, 2026
UK assesses about 100 countries now have commercial spyware access
The U.K. National Cyber Security Centre assessed that roughly 100 countries now have access to commercial spyware capable of compromising phones and computers, up from an estimated 80 in 2023. The finding highlighted the falling barriers to acquiring government-grade surveillance capabilities and the growing global proliferation risk.
Apr 21, 2026
Grupo Seguritech expands surveillance business into the United States
Mexican surveillance company Grupo Seguritech expanded into the U.S. market, marking a new development in the cross-border growth of surveillance vendors. The move raised privacy and surveillance concerns tied to the company's broader business expansion.
Apr 16, 2026
Knight Institute warns Congress spyware threatens press freedom
At an April 16 Tom Lantos Human Rights Commission hearing on El Salvador's state of exception, the Knight First Amendment Institute warned that commercial spyware is being used to surveil and intimidate journalists worldwide. The submission cited Pegasus targeting of El Faro journalists and urged Congress to amend the Computer Fraud and Abuse Act so spyware victims can pursue claims involving U.S.-based infrastructure.
Apr 2, 2026
ICE confirms use of Paragon spyware in drug trafficking investigations
Acting ICE Director Todd Lyons told lawmakers that the agency bought and used Paragon Solutions spyware in drug trafficking cases, authorizing Homeland Security Investigations to deploy the tool against foreign terrorist organizations exploiting encrypted communications. ICE said the use complied with constitutional requirements and did not present significant security, counterintelligence, or foreign misuse risks.
Apr 1, 2026
ICE confirms expanded Paragon spyware deployment in letter to Congress
In an April 1 letter to Congress, ICE confirmed it had approved the procurement and use of a spyware tool and acknowledged expanded deployment of Paragon Solutions technology. The disclosure said ICE had reopened a $2 million contract with Paragon's U.S. branch the previous summer, intensifying congressional and civil liberties scrutiny.
Mar 26, 2026
Atlantic Council report highlights intermediaries fueling spyware expansion
An Atlantic Council report said brokers, resellers, contractors, and permissive-state partners are increasingly driving the global commercial spyware market and helping buyers bypass export controls, trade bans, and transparency measures. The report argued that these intermediaries obscure supply chains, lower barriers to entry, and accelerate spyware proliferation worldwide.
Mar 12, 2026
NSO appoints David Friedman as chairman and releases transparency report
After its acquisition, NSO Group named former U.S. ambassador David Friedman as chairman and published a transparency report. Civil society groups criticized the report as insufficient amid ongoing concerns over Pegasus abuse.
Mar 12, 2026
US investor group acquires NSO Group
NSO Group was purchased by a U.S. investor group led by producer Robert Simonds. The deal represented a major ownership shift for the Pegasus spyware maker.
Mar 12, 2026
AE Industrial Partners acquires Paragon Solutions
Florida-based AE Industrial Partners acquired Paragon Solutions. The ownership change was cited as part of a broader reshaping of the commercial spyware market with increased U.S. ties.
Mar 12, 2026
ICE reactivates contract with Paragon Solutions
U.S. Immigration and Customs Enforcement reactivated a contract with Israel-linked Paragon Solutions, the maker of Graphite Android spyware. The decision became a focal point for concerns that U.S. policy was becoming more permissive toward commercial spyware vendors.
Mar 12, 2026
Sara Hamou is convicted in Greece's Predatorgate case
Sara Hamou was later convicted in Greece's Predatorgate case after the U.S. sanctions rollback. The conviction marked a notable accountability action tied to the Predator spyware scandal.
Mar 12, 2026
Treasury lifts OFAC sanctions on three Intellexa executives
The U.S. Treasury Department unexpectedly removed OFAC sanctions from three Intellexa executives, including Sara Hamou. The move alarmed spyware critics, who said it signaled possible softening in U.S. policy toward the commercial spyware industry.
Mar 12, 2026
Google reports commercial spyware vendors increasingly exploit zero-days
Google threat intelligence reporting found that commercial surveillance vendors are increasingly responsible for zero-day exploitation activity. The finding added technical evidence that the spyware industry is driving advanced offensive operations.
Mar 12, 2026
CISA warns of spyware delivered through mobile messaging services
CISA issued an unusual warning about commercial spyware being delivered via mobile messaging platforms. The alert underscored growing concern over spyware abuse against targets' mobile devices.
Mar 11, 2026
OMB rescinds prior federal software supply chain guidance
A recent Office of Management and Budget memo rescinded earlier Biden administration guidance on federal software supply chain security. The change made mechanisms such as secure software development attestations and SBOM requests optional rather than durable requirements.
Mar 6, 2026
US issues executive order targeting cyber-enabled fraud
On March 6, the U.S. government issued an executive order aimed at raising costs for cybercriminals through coordination, disruption, prosecutions, intelligence sharing, resilience measures, and diplomatic pressure on states that harbor such operations.
See the full picture in Mallory
Mallory subscribers get deeper analysis on every story, including:
Who’s affected and how
Deep-dive technical analysis
Actionable next steps for your team
IPs, domains, hashes, and more
Ask questions and take action on every story
Filter by topic, classification, timeframe
Get matching stories delivered automatically
Related Entities
Organizations
Sources
5 more from sources like schneier on security, cyberscoop, knightcolumbia, techcrunch com security and dark reading
Related Stories
Pall Mall Process Shifts Toward Voluntary Industry Standards for Commercial Spyware
An international initiative known as the **Pall Mall Process** is moving from government-focused norms to developing *opt-in* guidelines for the commercial cyber intrusion/spyware industry, amid debate over how to define the market and constrain abuse without eliminating tools used for legitimate purposes such as law enforcement. Participants have been grappling with core design questions including **who the rules should apply to**, how to draw boundaries between legitimate security research and illicit intrusion activity, and whether the scope should include adjacent capabilities such as reconnaissance tooling. At a discussion held under **Chatham House rules** alongside Washington, D.C.-area events, stakeholders from government, industry, and civil society weighed how to **incentivize participation and measure compliance**, and how to handle vendors with a “checkered past.” Commentary around the effort emphasized that voluntary, non-binding standards may have limited impact without stronger state action, pointing to existing government levers already used to shape the market—such as **Entity List designations**, **financial sanctions**, and **visa restrictions** targeting actors involved in the misuse of commercial spyware.
1 months ago
Mercenary Spyware Campaigns Targeting Security Researchers and Developers
Multiple reports indicate that mercenary spyware operations have begun targeting not only traditional victims such as journalists and activists, but also the developers and security researchers who build and analyze surveillance tools. Apple issued high-confidence threat notifications to iOS exploit developers, warning them of government spyware targeting their devices. This marks a notable escalation in the mercenary spyware ecosystem, as attackers are now focusing on individuals with deep technical knowledge and access to sensitive information about exploit development. The commercial spyware market continues to thrive, with unpatched vulnerabilities fueling rapid innovation and deployment of new attack techniques. Security researchers have documented a record number of zero-day vulnerabilities exploited in the wild, many linked to commercial surveillance vendors. The targeting of exploit developers suggests a coordinated campaign within the cybersecurity community, highlighting the growing risks faced by those at the forefront of digital defense and offensive tool creation.
1 months ago
U.S. Treasury Removes Sanctions on Intellexa Predator Spyware Executives
The U.S. Department of the Treasury has lifted sanctions on three individuals—Merom Harpaz, Andrea Nicola Constantino Hermes Gambazzi, and Sara Aleksandra Fayssal Hamou—who were previously designated for their roles in the Intellexa Consortium, the company behind the Predator commercial spyware. These individuals had been sanctioned in 2024 for their involvement in developing, operating, and distributing Predator, as well as for facilitating the consortium’s financial and managerial operations. The reasons for their removal from the sanctions list have not been disclosed, and it is unclear whether they continue to hold their previous positions within the organization. The reversal marks a significant shift in the U.S. government’s approach to countering commercial spyware manufacturers, following earlier efforts that included sanctions, blacklisting, and international agreements targeting such companies. Digital rights advocates have expressed concern that lifting these sanctions could undermine accountability for those involved in the proliferation of spyware, which has been used by governments and other actors to conduct invasive surveillance through zero- and one-click attacks. The Treasury Department has not provided further comment on the decision, and the move has prompted calls for greater transparency regarding the evidence supporting the delisting.
1 months ago