How to verify and source reports on spyware used against dissidents

[Madison_T]

I'm a journalist researching a long-form piece on the weaponization of digital surveillance technology to facilitate global human rights violations, focusing on how certain governments use spyware and data extraction tools to target dissidents and journalists, often with the tacit support or direct sales from Western companies. The challenge is connecting the technical capabilities to specific, documented abuses in a way that is legally sound and compelling for a general audience, while also protecting sources who are at extreme risk. For other reporters or researchers working in this space, how do you navigate the verification of highly technical evidence, like forensic mobile device reports, and what strategies do you use to get commentary from implicated corporations or governments that routinely stonewall inquiries? What are the most effective frameworks for presenting this complex issue without overwhelming readers or having the story dismissed as overly activist?