New Citizen Lab report by Gary Miller and Swantje Lange, with an incredibly sophisticated analysis of covert surveillance operations with a focus on location tracking, which target phones by exploiting/attacking weaknesses in global 3G/4G telecom networks and sending invisible SMS while acting as trusted telecom operators:
https://citizenlab.ca/research/uncovering-global-telecom-exploitation-by-covert-surveillance-actors/
Bad Connection: Uncovering Global Telecom Exploitation by Covert Surveillance Actors (The Citizen Lab)

Our investigation uncovers two sophisticated telecom surveillance campaigns and, for the first time, links real-world attack traffic to mobile operator signalling infrastructure. The findings expose how suspected commercial surveillance vendors (CSVs) exploit the global telecom interconnect ecosystem, leverage private operator networks, and conduct covert location tracking operations that can persist undetected for years.

"Internal files obtained by Haaretz show that Cognyte's parent company, Verint, sold a product called SkyLock - an SS7-based tracking tool - to a government client in the Democratic Republic of Congo. ... The files also show the company's commercial ties with operators in Thailand, Malaysia, Indonesia, Vietnam and Congo - some of the same countries where the first tracking campaign was later identified [by Citizen Lab]"

Follow-up investigation by Omer Benjakob:
https://www.haaretz.com/israel-news/security-aviation/2026-05-03/ty-article-magazine/ghost-operators-how-israeli-telecoms-were-exploited-to-track-citizens-worldwide/0000019d-e9c0-dd9a-a79d-ede90a450000