NCSC: phone‑hacking tech global

Britain’s cyber agency says more than 100 countries now have spyware that can break into phones and computers. (ncsc.gov.uk) National Cyber Security Centre chief Richard Horne gave the warning at the CYBERUK conference in Glasgow on April 22, 2026. Politico reported the new estimate is up from 80 countries in 2023. (ncsc.gov.uk) (politico.eu) Spyware is surveillance software sold by private companies to governments; products such as Pegasus and Graphite exploit flaws in phones to extract messages, files and other data. TechCrunch reported the U.K. warning said the tools can also be used against computers. (techcrunch.com) Horne’s CYBERUK speech said most nationally significant cyber incidents affecting the U.K. now come directly or indirectly from nation states, not criminal gangs. The same speech described China as a “peer competitor in cyberspace.” (ncsc.gov.uk) (gchq.gov.uk) The NCSC has been moving in that direction for two years. In its 2023 annual review, it called China’s rise in cyber power an “epoch-defining challenge,” and in its 2024 review it said China remained a highly sophisticated threat actor targeting sectors including energy, transportation and water. (ncsc.gov.uk 1) (ncsc.gov.uk 2) On April 23, 2026, the NCSC and 15 international partners published a separate advisory on China-linked “covert networks” built from compromised home routers and smart devices. The advisory said these networks are used at scale to hide attacks, steal data and keep long-term access to targets. (ncsc.gov.uk 1) (ncsc.gov.uk 2) That paper said the majority of China-linked threat actors are using those covert networks, and named Volt Typhoon and Flax Typhoon as examples tied to critical infrastructure pre-positioning and espionage. The partner list included the U.S. Cybersecurity and Infrastructure Security Agency, National Security Agency and Federal Bureau of Investigation. (ncsc.gov.uk) The spyware warning also widened the likely victim pool. TechCrunch, citing Horne’s speech, reported U.K. officials now say targeting has expanded beyond dissidents, journalists and politicians to include bankers and wealthy businesspeople. (techcrunch.com) The NCSC’s message to companies is less about any single app than about trust in the devices, vendors and networks they already use. Horne’s speech urged organizations to focus on fundamentals such as patching, replacing legacy systems and treating cyber risk as part of national resilience. (ncsc.gov.uk) The immediate shift is that phone hacking is no longer a niche capability held by a few intelligence services. Britain’s cyber agency is now describing it as a broad state-level risk arriving alongside a harder line on China’s cyber operations. (politico.eu) (ncsc.gov.uk)