Security News > 2021 > July > Secretive Israeli Exploit Company Behind Wave of Zero-Day Exploits
A secretive Israeli commercial surveillance company named after a parasitic freshwater fish is being blamed for supplying Windows and Chrome zero-day exploits to nation-state APT actors.
The two reports come less than 24 hours after Google's Threat Analysis Group documented four separate zero-day exploits in Chrome, Internet Explorer, and Webkit that were created and sold by Candiru to government-backed attackers.
Exploit code from the mysterious Candiru was first observed in.
The Citizen Lab report, titled Hooking Candiru, documents how the research outfit scanned the internet and found more than 750 websites linked to Candiru's spyware infrastructure.
Microsoft's Threat Intelligence Center released its own report on Candiru, aka SOURGUM, describing the company as a "Private-sector offensive" actor in the business of hawking and using Windows zero-day exploits.
Redmond's threat hunters found Candiru using a chain of browser and Windows exploits to plant malware on targeted victims.
News URL
Related news
- Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks (source)
- EncryptHub Exploits Windows Zero-Day to Deploy Rhadamanthys and StealC Malware (source)
- PipeMagic Trojan Exploits Windows Zero-Day Vulnerability to Deploy Ransomware (source)
- ⚡ Weekly Recap: iOS Zero-Days, 4Chan Breach, NTLM Exploits, WhatsApp Spyware & More (source)
- Craft CMS RCE exploit chain used in zero-day attacks to steal data (source)
- Enterprise tech dominates zero-day exploits with no signs of slowdown (source)
- ⚡ Weekly Recap: Zero-Day Exploits, Developer Malware, IoT Botnets, and AI-Powered Scams (source)
- Hackers exploit VMware ESXi, Microsoft SharePoint zero-days at Pwn2Own (source)
- ⚡ Weekly Recap: Zero-Day Exploits, Insider Threats, APT Targeting, Botnets and More (source)