Over 100 countries possess phone-hacking spyware, says UK government

More than half of the world's governments now have access to commercial spyware capable of infiltrating computers and mobile phones to extract sensitive information, according to findings from UK intelligence agencies.

The UK National Cyber Security Centre is set to publish its findings on Wednesday, according to Politico's reporting. The report indicates that the threshold for acquiring such surveillance technologies has been significantly lowered, raising concerns that foreign governments—and potentially cybercriminals—could more easily target UK citizens, private companies, and critical infrastructure with advanced spyware. 

The report also highlights a rise in the number of countries with access to commercial spyware, from an estimated 80 in 2023 to more than 100 today.

Commercial spyware is typically developed by private cybersecurity firms such as NSO Group, known for its Pegasus spyware, and Paragon Solutions, which develops the Graphite spyware platform. These tools often exploit vulnerabilities in smartphones and computer systems to gain unauthorised access, enabling operators to extract messages, location data, call records, and other sensitive information from targeted devices.

While governments frequently claim that these tools are used strictly for counterterrorism and serious criminal investigations, cybersecurity researchers and human rights organisations have repeatedly raised concerns about their misuse. Reports suggest spyware has been deployed against journalists, political opponents, and government critics in various regions.

According to UK intelligence assessments, the range of potential spyware targets has expanded in recent years beyond traditional security threats. The victim profile now reportedly includes bankers, executives, and wealthy individuals, reflecting a broader use of surveillance technologies.

Richard Horne, head of the UK National Cyber Security Centre, is expected to address the issue in a speech at the CYBERUK conference in Glasgow. In pre-released remarks, Horne stated that British businesses are "failing to grasp the reality of today's world," highlighting growing cybersecurity risks across both public and private sectors.

Horne also noted that the majority of nationally significant cyberattacks affecting the United Kingdom are linked to foreign state actors rather than traditional cybercriminal groups.

The UK government, along with allied nations, has also reported ongoing cyber intrusions linked to China. These operations are believed to focus on intelligence gathering, surveillance of high-profile individuals, and preparation for potential disruptive cyber operations in the event of geopolitical escalation involving Taiwan.

Beyond state-sponsored threats, the spyware ecosystem is increasingly being exploited by criminal actors. Earlier this year, a hacking toolkit known as DarkSword—containing multiple exploits capable of compromising modern iPhones and iPads—was leaked online. The toolkit enabled attackers to create malicious websites capable of infecting Apple devices that had not yet installed the latest security updates.

Security experts warn that such leaks demonstrate a recurring risk: even highly classified surveillance tools developed for government use can eventually be exposed, repurposed, and distributed widely, significantly increasing the potential scale of cyberattacks and endangering millions of users globally.