Lurking in the murky depths of the global marketplace for offensive cyber capabilities sits a particularly dangerous instrument—spyware.
Spyware’s danger stems from its acute contribution to human rights abuses and national security risks. Most recently, NSO Group, a notorious spyware vendor known to have contributed to the surveillance of journalists, diplomats, and civil society actors across the globe, was fined $168 million in punitive damages by a US court for targeting WhatsApp’s infrastructure with its Pegasus spyware.
This case reasserts the threat of spyware proliferation and misuse, and highlights the urgent need for greater market transparency and accountability.
An updated analysis by the Atlantic Council’s Cyber Statecraft Initiative has revealed that the number of US-based investors in spyware companies skyrocketed in 2024.
In the first Mythical Beasts report covering 1992–2023, the United States ranked second in investor count, with twelve entities.
In this second edition, researchers identified twenty new US-based investors, bringing the total to thirty-one—an increase that catapults the United States to the top of the investor leaderboard.
This surge far outpaces investment growth in other leading countries such as Israel, Italy, and the United Kingdom.
Despite numerous US policy measures—from adding vendors to the Commerce Department’s Entity List, to imposing sanctions and visa restrictions—American dollars continue to flow into companies linked to serious rights abuses and national security threats.
Prominent examples include AE Industrial Partners’ late-2024 investment in Paragon Solutions Ltd, an Israel-domiciled developer of the Graphite spyware platform; and Integrity Partners’ financing of Saito Tech Ltd (Candiru), a company already facing US export restrictions. These deals underline a glaring enforcement gap: US firms are free to fund entities that American policymakers are striving to constrain.
Resellers and Brokers in the Shadows
The updated dataset also shines a spotlight on an under-researched cohort of market actors—resellers and brokers. Acting as intermediaries, these “partners” obscure connections between vendors, suppliers, and buyers through complex corporate structures and jurisdictional arbitrage.
In Mexico alone, researchers catalogued ten historically overlooked intermediaries that facilitated Pegasus sales to government clients using misleading contracts to conceal both the product and its origin.
While the first report documented only two resellers, the second edition uncovers a web of brokers operating with minimal transparency and scant policy oversight.
These intermediaries not only blur supply chains but also distort prices and access to exploits, amplifying the market’s opacity. The lack of effective regulatory responses to curtail their activities represents a critical blind spot in efforts to counter spyware proliferation.
Despite these new developments, the core characteristics of the spyware market have remained remarkably stable.
The second edition reaffirms six defining trends identified in the original report: geographic concentration in Israel, India, and Italy; recurring entrepreneurial ventures; partnerships between spyware and hardware-surveillance vendors; frequent name changes and corporate reshuffles; strategic jurisdiction hopping; and global capital mobilization.
This consistency offers a valuable foothold for policymakers seeking to build on existing recommendations and adapt them to emerging market dynamics.
Methodological Notes and Challenges
The updated research incorporated both newly uncovered historical entities and real-time activity through 2024.
Entities were included based on public records, court filings, media reports, and credible civil society investigations. However, limitations in corporate registries—especially in jurisdictions like Israel, India, and the UAE—pose ongoing hurdles to comprehensive data collection.
Overlapping personnel and near-identical corporate names, such as those revealed between Coretech Security Services Limited and Airis Security Technologies Inc in the UK, further complicate efforts to map the market accurately.
The 2025 edition of the Mythical Beasts project underscores two pressing imperatives: addressing the disconnect between US investment flows and policy objectives, and bringing brokers and resellers out of the shadows.
To curb spyware proliferation, the United States must enhance due-diligence requirements, strengthen disclosure mandates, and align investment oversight with existing export-control frameworks.
Simultaneously, regulators and researchers should prioritize visibility into reseller networks to ensure that policy responses encompass the full ecosystem enabling spyware misuse.
Only by illuminating these hidden corners can the international community develop robust, effective strategies to thwart the spread and abuse of commercial spyware.