Secretive Israeli Exploit Company Behind Wave of Zero-Day Exploits (Security News, July 2021)

A secretive Israeli commercial surveillance company named after a parasitic freshwater fish is being blamed for supplying Windows and Chrome zero-day exploits to nation-state APT actors.
The two reports, from Citizen Lab and Microsoft, come less than 24 hours after Google's Threat Analysis Group documented four separate zero-day exploits in Chrome, Internet Explorer, and WebKit, three of which Google attributed to a single commercial surveillance vendor (unnamed in Google's write-up) that sold them to government-backed attackers.
Exploit code from the mysterious Candiru was first observed in.
The Citizen Lab report, titled Hooking Candiru, documents how the research outfit scanned the internet and found more than 750 websites linked to Candiru's spyware infrastructure.
Microsoft's Threat Intelligence Center released its own report on Candiru, which it tracks as SOURGUM, describing the company as a "private-sector offensive actor" (PSOA) in the business of selling and using Windows zero-day exploits.
Redmond's threat hunters found Candiru using a chain of browser and Windows exploits to plant malware on targeted victims.