Israeli Firm Helped Governments Target Journalists, Activists with 0-Days and Spyware
2021-07-19 09:01

The spyware vendor was also formally identified as the commercial surveillance company that Google's Threat Analysis Group revealed as exploiting multiple zero-day vulnerabilities in the Chrome browser to target victims located in Armenia, according to a report published by the University of Toronto's Citizen Lab.

"Candiru's apparent widespread presence, and the use of its surveillance technology against global civil society, is a potent reminder that the mercenary spyware industry contains many players and is prone to widespread abuse," Citizen Lab researchers said.

Founded in 2014, the private-sector offensive actor - codenamed "Sourgum" by Microsoft - is said to be the developer of an espionage toolkit dubbed DevilsTongue that's exclusively sold to governments and is capable of infecting and monitoring a broad range of devices across different platforms, including iPhones, Androids, Macs, PCs, and cloud accounts.

Citizen Lab said it was able to recover a copy of Candiru's Windows spyware after obtaining a hard drive from "a politically active victim in Western Europe." The sample was then reverse-engineered, which led to the identification of two never-before-seen Windows zero-day exploits for the vulnerabilities tracked as CVE-2021-31979 and CVE-2021-33771, both of which were leveraged to install malware on victim machines.

A total of 764 domains linked to Candiru's spyware infrastructure were uncovered, many of them masquerading as advocacy organizations such as Amnesty International and the Black Lives Matter movement, as well as media companies and other civil-society-themed entities.

"Private-sector offensive actors are private companies that manufacture and sell cyberweapons in hacking-as-a-service packages, often to government agencies around the world, to hack into their targets' computers, phones, network infrastructure, and other devices," Microsoft Threat Intelligence Center said in a technical rundown.


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/kxKUMcFXWq8/israeli-firm-helped-governments-target.html

Related Vulnerability

DATE        CVE             VULNERABILITY TITLE                                                                                               RISK
2021-07-14  CVE-2021-33771  Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products        local, low complexity, microsoft, CWE-119, 7.8
                            (Windows Kernel Elevation of Privilege Vulnerability)
2021-07-14  CVE-2021-31979  Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products        local, low complexity, microsoft, CWE-119, 7.8
                            (Windows Kernel Elevation of Privilege Vulnerability)