The U.S. has been advised to bolster its fight against spyware technology, which has presented a risk to national security and individual privacy, with House Intelligence Committee Chairman Rep. Adam Schiff, D-Calif., pledging more action to crack down on foreign commercial surveillance technology, CyberScoop reports.
Hundreds of government customers may be working with over 30 spyware vendors identified by Google around the world, said University of Toronto Citizen Lab researcher John Scott-Railton during a House Intelligence hearing. Increased efforts to prevent collaborations between U.S. firms and spyware vendors are possible, according to Scott-Railton, who noted that the Oregon Public Employees Retirement System owns the majority of Pegasus spyware vendor NSO Group, of which the Alaska Permanent Fund is also an investor.
Meanwhile, Google Threat Analysis Group Senior Director Shane Huntley noted that commercial providers were behind most of the zero-days identified by the group last year, which were then sold to state-sponsored threat actors.
"This trend should be concerning to the United States and all citizens. These vendors are enabling the proliferation of dangerous hacking tools, arming nation-state actors that would not otherwise be able to develop these capabilities in-house," said Huntley, which called for greater collaboration between the public and private sectors in combating the spread of spyware.
Malicious updates have been recently issued to the Python Package Index package "django-log-tracker," which was last modified in April 2022, to facilitate the distribution of the Nova Sentinel information-stealing malware, The Hacker News reports.