I would be very curious to see how they might remotely deploy malware to US residential internet subscribers. It's probably unlikely that they would use client-side zerodays for such a task, since it would only take one of the targets to realize something happened and then analyze a packet capture to bust the whole thing.
If I were to guess, they probably only stick to ISP-level monitoring in most cases, and in other cases maybe they'll physically install malware on a system when they have to.
If I were to guess, they probably only stick to ISP-level monitoring in most cases, and in other cases maybe they'll physically install malware on a system when they have to.