US investors in spyware firms nearly tripled in 2024: report

The number of U.S.-based investors bankrolling spyware companies nearly tripled in 2024, with 31 American firms found to be backing the manufacturers compared to just 11 in 2023.

The finding was published by the Atlantic Council think tank in a report released Wednesday which analyzed 561 spyware entities — vendors, supplies, partners, investors, individuals, holding companies and alumni — across 46 countries.

The U.S. is the largest investor in the spyware market, according to the nonprofit’s analysis. The next two largest spyware financial hubs are Israel with 26 investors and Italy, which has emerged as a major spyware center, with 12.

The role American investors are playing in propping up spyware vendors is notable given the aggressive actions the U.S. government has taken to rein in the sector, including through sanctions, entity listings and visa restrictions.

Paragon — whose Graphite product was allegedly used to target 90 WhatsApp users in more than two dozen countries — was acquired by Florida-based AE Industrial Partners last year. 

Victims of the WhatsApp targeting who have come forward include members of civil society and journalists in the Netherlands and Italy. 

U.S.-based Integrity Partners invested in Saito Tech Ltd —which manufactures the mercenary spyware Candiru and has been on the Commerce Department’s Entity List since 2021 — earlier this year, according to the Atlantic Council. 

The Entity List designates foreign individuals, businesses and groups which are involved in activities believed to threaten U.S. foreign policy or national security interests, exposing them to draconian export licensing requirements and significant reputational damage.

The market for spyware is becoming more global, the report says, highlighting that new spyware entities were found in Japan, Malaysia and Panama.

Four new spyware vendors, 10 new suppliers and seven new resellers and brokers emerged last year, according to the report.

Resellers and brokers — which are used to obscure spyware firms’ activities and ownership — are playing a more central role in the spyware market than was previously known, according to the report.

"Resellers and brokers contribute to the sprawling and opaque spyware supply chain,” report co-author Sarah Graham said via email. “Complex corporate structures and jurisdictional workarounds make attempts at transparency and accountability challenging, with effectively no policy response to curb this dimension of the market."

The report comes a day after Apple announced the soon-to-be-released iPhone 17 will include a memory safety feature which the company said is explicitly designed to reduce the attack surface for spyware.

“While there’s no such thing as perfect security, MIE (Memory Integrity Enforcement) is designed to dramatically constrain attackers and their degrees of freedom during exploitation,” the company said in a blog post.

MIE is the result of extensive research by Apple’s offensive research team, which studied “sophisticated exploit chains that were previously used against our platform, recent vulnerabilities, and our own internal research,” the blog post said.