A secretive Israeli commercial surveillance company named after a parasitic freshwater fish is being blamed for supplying Windows and Chrome zero-day exploits to nation-state APT actors.
The two reports, from Citizen Lab and Microsoft, come less than 24 hours after Google's Threat Analysis Group documented four separate zero-day exploits in Chrome, Internet Explorer, and WebKit that were created and sold by Candiru to government-backed attackers.
Exploit code from the mysterious Candiru was first observed in.
The Citizen Lab report, titled Hooking Candiru, documents how the research outfit scanned the internet and found more than 750 websites linked to Candiru's spyware infrastructure.
Microsoft's Threat Intelligence Center released its own report on Candiru, aka SOURGUM, describing the company as a "Private-sector offensive" actor in the business of hawking and using Windows zero-day exploits.
Redmond's threat hunters found Candiru using a chain of browser and Windows exploits to plant malware on targeted victims.