Six governments across Central Asia and Latin America have acquired the Russian-made System for Operative Investigative Activities (SORM), a wiretapping technology. This expands their capacity, and potentially that of Russian intelligence, to intercept communications.

SORM involves monitoring devices placed within a telecom provider’s infrastructure, relaying information like mobile numbers, phone IDs, geolocation, names, emails, and IP addresses to the client government’s intelligence agency. This is according to threat intelligence firm Recorded Future, which revealed in an analysis that Belarus, Kazakhstan, Kyrgyzstan, Uzbekistan, Cuba, and Nicaragua have likely obtained this citizen wiretapping technology.

Western entities, both corporate and individual, should implement safeguards for their communications and be aware of surveillance risks when visiting countries with weak civil protections against wiretapping, advises a threat analyst with Recorded Future’s Insikt group, who requested anonymity.

"Even in Western countries without SORM, surveillance frameworks can be misused. However, it’s crucial to consider the broader context when Russian-built systems are implemented in countries known for state surveillance," the analyst states. "Human rights advocates, activists, journalists, civil society members, and foreign travelers could all be targets."

The proliferation of Russia’s SORM underscores the global rise of digital surveillance. Spyware developers, like NSO Group (Pegasus) and Intellexa Consortium (Predator), have expanded globally, bypassing obstacles to sales in sanctioned nations, as per an Atlantic Council report from September. The report found that 41% of countries globally have licensed commercial spyware, including 14 EU members.

Wiretapping and spyware often serve legitimate purposes, such as criminal investigations or intelligence gathering. However, the Atlantic Council analysts warn that abuse is inevitable in countries with weak civil liberties protections or poor digital surveillance regulations.

"Spyware allows states to breach secure technologies, target citizens abroad, and even monitor senior officials domestically and internationally," the Atlantic Council analysts stated. "Where this information fuels repression and abuse, the harm is immense."

The Spyware Nexus: An R Joins the Three I’s

The Atlantic Council previously identified 435 entities involved in commercial spyware, mostly linked to Israel, Italy, and India. Russia has now emerged as a major surveillance technology provider.

Russian law mandates that telecom providers install and maintain SORM-compliant devices, but they cannot access the devices’ functionalities or audit data collection, as per Recorded Future. Countries within Russia’s sphere of influence have enacted similar laws, often relying on Russian providers for installation and service, potentially granting Russia access to intercepted communications.

Recorded Future identified SORM adoption through various indicators, including marketing materials and provider websites. Citadel, Norsi-Trans, and Protei are the largest SORM providers, likely exporting products and services to at least 15 telecom companies, along with five other identified firms.

Vitor Ventura, manager for EMEA and Asia at Cisco Talos, emphasizes the growing risks of illicit digital surveillance. "Some countries permit interceptions for reasons disallowed elsewhere, often citing national security," he says, noting a recent global surge in surveillance technology.

"Laws haven’t changed drastically, but there’s greater demand and supply," he adds. "Prices have dropped, making surveillance technology accessible to more actors."

Know Your Telecom Tech, Wiretapping Laws

Companies with employees in nations with weaker civil liberties should consider privacy and encryption tools. However, Recorded Future notes that VPN providers are often subject to the same laws as telecom providers and might share intelligence with government agencies.

The cyber-risks echo the US government’s concerns regarding Kaspersky, whose antivirus products were banned in mid-2024, the Recorded Future analyst notes.

"These telecom companies potentially have access to vast amounts of data, making them high-value intelligence targets," the analyst says. "The risks associated with Kaspersky also apply to Russian SORM providers."

Companies should monitor the technology’s spread. For instance, Russian provider Protei markets SORM in Africa, the Middle East, and Latin America, suggesting potential future adoption in these regions.

