Israeli firm’s spyware used against dissidents, Microsoft says

A spyware campaign using tools from a secretive Israeli firm was used to attack and impersonate dozens of human rights activists, journalists, dissidents, politicians and others, researchers said on July 15, 2021. Statements from Microsoft security researchers and the University of Toronto's Citizen Lab said powerful ‘cyberweapons’ were being used in precision attacks targeting more than 100 victims around the world. — AFP

At least 100 activists, journalists and government dissidents across 10 countries were targeted with spyware produced by an Israeli company called Candiru, according to cybersecurity researchers at the University of Toronto’s Citizen Lab, which tracks illegal hacking and surveillance.

Using a pair of vulnerabilities in Microsoft Corp’s Windows, cyber operatives in Saudi Arabia, Israel, Hungary, Indonesia and elsewhere purchased and installed remote spying software made by Candiru, according to the researchers. The tool was used in “precision attacks against targets’ computers, phones, network infrastructure and Internet-connected devices”, said Cristin Goodwin, general manager of Microsoft’s Digital Security Unit.

Microsoft was alerted to these attacks by researchers at Citizen Lab, and after weeks of analysis, the company released patches on July 13 for a pair of Windows vulnerabilities believed to be the point of entry for the spyware, according to a Microsoft blog published Thursday. Microsoft doesn’t name Candiru but instead refers to an “Israel-based private sector offensive actor” it calls Sourgum.

Candiru didn’t immediately respond to a message seeking comment. Candiru is the name of an eel-like fish native to the Amazon River region that allegedly enters the urethra of humans before deploying short spines – a story some have dismissed as a myth.

The users of the spyware also hacked politicians and human rights activists, according to the researchers, who declined to name the victims.

The Citizen Lab researchers said the Candiru spyware is part of a thriving private industry selling technology to governments and authoritarian leaders so they can gain access to the communications of private citizens and political opposition. Another Israeli company, NSO Group Ltd, has been accused of providing spyware to repressive governments that have used it to snoop on journalists and activists.

NSO has maintained that it sells its technology exclusively to governments and law enforcement as a tool against terrorism and crime. In a report published on June 30, NSO Group said it refuses to sell spyware to 55 countries and has taken steps to curb misuse by customers.

John Scott-Railton, senior researcher at Citizen Lab, said the Candiru research “shows there’s a whole ecosystem selling to authoritarian regimes”.

“Tools like Candiru are used to export fear,” he added.

Citizen Lab’s findings also offered some fresh insight into the cost of doing business in the spyware industry.

For €16mil (RM79.35mil), Candiru’s clients can attempt to compromise an unlimited number of devices but are limited to actively tracking only 10 at a time, according to Citizen Lab. For an extra €1.5mil (RM7.43mil), buyers can monitor an additional 15 victims.

Candiru has clients in Europe, Russia, the Middle East, Asia and Latin America, according to the Israeli newspaper Haaretz. Local news organisations have reported contracts in Uzbekistan, Saudi Arabia, the United Arab Emirates, Singapore and Qatar, according to Citizen Lab’s report.

Candiru’s clients are restricted to operating only in “agreed upon territories”, according to Citizen Lab. The company’s clients sign contracts that limit operations outside the US, Russia, China, Israel and Iran, according to the report. But Microsoft said it has recently discovered activity with the spyware in Iran, suggesting the rules aren’t concrete, according to the report. – Bloomberg
