An Israeli cyber warfare organization weaponized vulnerabilities in Microsoft and Google products, allowing governments to hack more than 100 journalists, activists, and political dissidents around the world, new research has found.
The relatively unknown company calls itself Candiru and is part of the lucrative Israeli offensive cyber industry that often recruits veterans from the military’s elite units and sells software that allows its customers to remotely hack computers and cell phones.
Companies like Candiru and NSO Group, the largest player in this opaque industry (worth $1 billion in transactions in 2019), stated that their software is designed to be used by governments and law enforcement agencies to stop potential terrorism and crime.
But human rights organizations such as the United Nations, the University of Toronto’s Citizen Lab, and Amnesty International regularly track spyware on the phones and computers of journalists, dissidents, and activists who criticize authoritarian regimes.
Emails seeking comment, sent to multiple addresses listed for Candiru executives, either bounced or received no response.
In this case, Microsoft and Citizen Lab discovered that Candiru had sold a spyware tool that took advantage of flaws in Microsoft Windows to allow its deployers to steal passwords and export files and messages from devices (including encrypted messaging app Signal), as well as from email and social media accounts.
The report stated that its analysis found that Candiru’s system was sold exclusively to governments and “operated in countries such as Saudi Arabia, Israel, the UAE, Hungary, and Indonesia.”
According to the report, Candiru’s spyware targeted at least 100 members of civil society, including politicians, human rights activists, journalists, academics, embassy staff and dissidents in the United Kingdom, Spain, Singapore, Israel and the Occupied Palestinian Territory.
Researchers also found more than 750 fake websites, including sites posing as Amnesty International, the Black Fate Movement, and the Russian postal service, which contained spyware.
“Since its inception, Candiru has been trying to stay in the shadows,” said Bill Marczak, a senior researcher at the Citizen Lab. “But for companies that promote authoritarianism by selling spyware used against journalists, activists, and civil society, there is no room in the shadows.”
Microsoft said in a blog post that a software update was released this week. “This will protect Windows customers from attacks [the company] used to help spread its malware,” it said.
In addition, the Citizen Lab report found that Candiru used two Google browser vulnerabilities, which the Silicon Valley company disclosed on Wednesday. Although Google did not explicitly link the exploit to Candiru, it blamed it on a “commercial surveillance company.”
The report raises serious concerns about the growing spyware-for-hire industry, which is increasingly drawing the ire of large technology platforms whose software can be weaponized by these groups. Candiru’s larger rival, NSO Group, is currently facing a lawsuit from WhatsApp, supported by other technology groups, over allegations that it sold tools that allow customers to secretly inject its software into mobile phones via WhatsApp calls.
In Candiru’s 2019 marketing documents seen by the British Financial Times, the organization promoted its “superpower-level cyber intelligence system”, stating that “the installation and penetration process is hidden and will not interrupt the normal activities of the target.”
It added: “Using a set of attack vectors and zero-day vulnerabilities developed in-house, a proprietary penetration agent was quietly deployed to the target device,” which shows that the Microsoft Windows vulnerability is just one of the vulnerabilities it has been exploiting.
Google stated in a post this week that “compared to the early 2010s, there are more commercial vendors selling 0-day access.”
Christine Goodwin, general manager of Microsoft’s digital security department, said: “A world where private-sector companies manufacture and sell cyber weapons is even more dangerous for consumers, businesses of all sizes, and governments.”