{
	"id": "f7c448b2-8122-4487-86d7-9b992382acaa",
	"created_at": "2026-04-06T00:13:27.310152Z",
	"updated_at": "2026-04-10T03:30:33.449803Z",
	"deleted_at": null,
	"sha1_hash": "8c039d4fba703ec784107da3173b5fc2b61d459f",
	"title": "A Unified Front Against Cyber Mercenaries - Precision PC Repair",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 70235,
	"plain_text": "A Unified Front Against Cyber Mercenaries - Precision PC Repair\r\nBy admin\r\nPublished: 2023-11-11 · Archived: 2026-04-02 11:43:12 UTC\r\nMultistakeholder commitments from the Paris Call community\r\nThe Cybersecurity Tech Accord welcomes the new Paris Call Blueprint on Cyber Mercenaries released today by\r\nthe Paris Peace Forum and developed by a coalition within the Paris Call for Trust and Security in Cyberspace.\r\nThe Blueprint aims to drive multistakeholder cooperation to curb the growing market of cyber mercenaries around\r\nthe world. The recommendations included in the Blueprint build on the industry principles released by the\r\nCybersecurity Tech Accord last spring and go a step further to underscore that this challenge requires\r\nmultistakeholder cooperation. The Cybersecurity Tech Accord has been a supporter of the Paris Call since its\r\nlaunch in 2018 and is proud to have joined the working group responsible for this new guidance. Preventing harms\r\nfrom firms that weaponize peaceful technology for profit will take industry action, as well as support from civil\r\nsociety; but perhaps more than anything it will require initiative and leadership by governments. That is why, as\r\nwe welcome this new guidance today, we are also announcing that the Cybersecurity Tech Accord will intend to\r\ntrack and highlight which governments adopt policies consistent with these recommendations moving forward. \r\nA growing and dynamic threat\r\nThe term “cyber mercenaries” refers to private entities operating in a grey market for the development of\r\noffensive cyber capabilities generally sold to government customers. The malicious tools and services sold by\r\nthese firms constitute some of the most sophisticated threats and largest contributors to cyber risk across the\r\ndigital ecosystem. The existence of this market incentivizes the widespread development of military-grade cyber\r\nweapons that target consumer products and inevitably proliferate to a wide range of actors. Moreover, especially\r\nin the hands of more authoritarian states, these capabilities have been used to target, track and surveil political\r\ndissidents, journalists and human rights defenders around the world. \r\nThe persistence of the cyber mercenary market is antithetical to the principles of the Paris Call. It is fitting then\r\nthat a working group including governments, companies and civil society brought together by the Paris Call are\r\ntoday announcing the below recommendations for respective stakeholders seeking to limit the risks posed by\r\ncyber mercenaries. Each of these recommendations is expanded upon in further detail in the statement from the\r\nworking group, which the Cybersecurity Tech Accord was proud to have participated in. \r\nPriority recommendations from Paris Call working group\r\nGovernment recommendations\r\nDevelop clear acceptable use guidelines \r\nSafeguard ICT exports from malicious use\r\nAdopt transparent procurement practices \r\nMandate vendor verification\r\nhttps://precisionpconline.com/a-unified-front-against-cyber-mercenaries/\r\nPage 1 of 3\n\nBlacklist violators\r\nGovernment and industry recommendations\r\nPrevent purchases by non-State actors \r\nRequire oversight \r\nIndustry recommendations\r\nRespect the Cybersecurity Tech Accord industry principles\r\nVulnerability discovery and handling\r\nIndustry and civil society recommendations\r\nPublish evidence-based findings to contextualize threats \r\nCivil society recommendations\r\nExpand collective knowledge of the market\r\nGovernment accountability tracking\r\nLooking at the list of recommendations above, governments clearly have a large role to play in setting\r\nexpectations and promoting accountability when it comes to their procurement and use of cyber mercenaries. The\r\nunrestricted use, and too-often abuse, of such firm’s services is inconsistent with the values of liberal democracies\r\nin particular. To this end, the Cybersecurity Tech Accord is announcing today that we will begin tracking which\r\ngovernments – starting with those who have endorsed the Paris Call – adopt policies and regulations to live-up to\r\nthe guidance reflected in the first seven recommendations in bullet points above (on the left). This is intended to\r\nhelp showcase responsible practices and different approaches that may inspire similar steps to be taken by other\r\ngovernments to address a shared problem. \r\nThe Cybersecurity will launch this tracker based on the guidance for governments in advance of the Summit for\r\nDemocracy in March, 2024, as the next prominent gathering of the world’s democracies focused on addressing\r\nthese challenges. For examples of recent government actions reflect this guidance and help limit the risk posed by\r\ncyber mercenaries, we would like to highlight the following initiatives and resources. \r\nEuropean Union: PEGA Committee final report recommendations (June 2023)\r\nUnited States: Executive Order to Prohibit U.S. Government Use of Commercial Spyware that Poses\r\nRisks to National Security (March 2023)\r\nFreedom Online Coalition: Guiding Principles on Government Use of Surveillance Technologies (March\r\n2023)\r\nFrance and the United Kingdom: UK-France Joint Leaders’ Declaration (March 2023)\r\nGovernment coalition: Declaration for the Future of the Internet (March 2022)\r\nWhile much of the activity above focuses on the use of spyware technology developed by cyber mercenary firms\r\nfor surveillance, the threats posed by independent companies developing malicious software certainly goes much\r\nfurther than and we encourage governments to take a more expansive view of the issue space. \r\nhttps://precisionpconline.com/a-unified-front-against-cyber-mercenaries/\r\nPage 2 of 3\n\nIndustry stepping up\r\nFor our part, the Cybersecurity Tech Accord continues to encourage the tech sector to take actions, as able, to\r\ncounter cyber mercenaries across our respective platforms and consistent with the principles we released last\r\nspring. Recent examples of industry action against cyber mercenaries includes the following:\r\nRooting out spyware (Bitdefender) – Earlier this year, Bitdefender discovered and reported on a spyware\r\ndelivered surreptitiously via VPN installers, identifying indicators of infection. The spyware, SecondEye,\r\nwas developed by a legitimate company based in Iran and was being used to surveil targets seeking to use\r\nVPN services in a region where they are widely utilized to avoid government internet controls. Most of\r\nthese detections originated from Iran, with a small pool of victims in Germany and the US as well.\r\nConcrete Industry Regulatory Principles (Meta) – Building on successive threat reports providing\r\ninsights into the spyware industry and its indiscriminate targeting of people, Meta released\r\nits comprehensive recommendations and regulatory principles for addressing these growing threats.\r\nBlue Tsunami takedown (Microsoft/LinkedIn) – LinkedIn, supported by Microsoft Threat Intelligence,\r\nrecently shutdown hundreds of likely fake accounts and dozens of fake company pages on the LinkedIn\r\nplatform that were linked to a cyber mercenary group “Blue Tsunami.” This actor engages in social\r\nengineering to facilitate human intelligence collection. Microsoft assesses with high confidence that Blue\r\nTsunami activity is strongly associated with Black Cube, a private intelligence firm. Blue Tsunami is\r\nknown to primarily target individuals of interest to Black Cube clients worldwide, including those who\r\nwork in human rights, financial, and consulting industries, among many others.\r\nPodcast: Cyber mercenaries and the global surveillance-for-hire market (Cybersecurity Tech\r\nAccord) – The topic of cyber mercenaries was discussed at length in a recent episode of the Patching the\r\nSystem Podcast featuring representatives from Cisco and the CyberPeace Institute drawing greater\r\nattention to the phenomenon and the types of legal, administrative, and technical actions are being taken in\r\nresponse by industry and other actors. \r\nThe rise of cyber mercenaries poses a serious threat to human rights, democracy, and peace in the digital age. In\r\nthe face of this challenge it is encouraging to see the emergence of such widespread consensus around not only the\r\nurgency of the issue but also the responsibilities of different stakeholders for addressing it. The Paris Call\r\nguidance released today gives hope for more a more coordinated and effective response from governments, civil\r\nsociety, and the private sector. The Cybersecurity Tech Accord looks forward to continuing to support these\r\nefforts.\r\nThe post A Unified Front Against Cyber Mercenaries appeared first on Cybersecurity Tech Accord.\r\nSource: https://precisionpconline.com/a-unified-front-against-cyber-mercenaries/\r\nhttps://precisionpconline.com/a-unified-front-against-cyber-mercenaries/\r\nPage 3 of 3",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia",
		"MISPGALAXY"
	],
	"references": [
		"https://precisionpconline.com/a-unified-front-against-cyber-mercenaries/"
	],
	"report_names": [
		"a-unified-front-against-cyber-mercenaries"
	],
	"threat_actors": [
		{
			"id": "cf02412a-041a-4c8d-8ffa-3bff7dd812b5",
			"created_at": "2024-02-02T02:00:04.018717Z",
			"updated_at": "2026-04-10T02:00:03.524693Z",
			"deleted_at": null,
			"main_name": "Blue Tsunami",
			"aliases": [
				"Black Cube"
			],
			"source_name": "MISPGALAXY:Blue Tsunami",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "75108fc1-7f6a-450e-b024-10284f3f62bb",
			"created_at": "2024-11-01T02:00:52.756877Z",
			"updated_at": "2026-04-10T02:00:05.273746Z",
			"deleted_at": null,
			"main_name": "Play",
			"aliases": null,
			"source_name": "MITRE:Play",
			"tools": [
				"Nltest",
				"AdFind",
				"PsExec",
				"Wevtutil",
				"Cobalt Strike",
				"Playcrypt",
				"Mimikatz"
			],
			"source_id": "MITRE",
			"reports": null
		}
	],
	"ts_created_at": 1775434407,
	"ts_updated_at": 1775791833,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/8c039d4fba703ec784107da3173b5fc2b61d459f.pdf",
		"text": "https://archive.orkl.eu/8c039d4fba703ec784107da3173b5fc2b61d459f.txt",
		"img": "https://archive.orkl.eu/8c039d4fba703ec784107da3173b5fc2b61d459f.jpg"
	}
}