It has been reported that the US Congress wants to know which foreign governments are using commercially available spyware. According to the bill’s draft, the Director of National Intelligence will have to submit a report to Congress on the status of surveillance tools, the companies that make these, and which foreign governments have adopted the technology.

While it’s useful to understand the prevalence of commercial spyware use by foreign actors, Congress would be shocked to learn that most threat actors rely on publicly available post exploitation software tools (PESTs) to compromise targets in the US and elsewhere. While PESTs have some benefit as resources for red teams, the cost of their use by intruders far outweighs any benefits.