Microsoft said on Thursday (15 July) that it has blocked hacking tools developed by an Israeli company that targeted more than 100 victims around the world, including politicians, human rights activists, journalists, academics, embassy workers, and political dissidents.
In its blog post, Microsoft noted that it patched the vulnerability exploited by the company, which is known as Candiru and which Microsoft tracks as SOURGUM.
“Sourgum generally sells cyberweapons that enable its customers, often government agencies around the world, to hack into their targets’ computers, phones, network infrastructure and internet-connected devices.
“These agencies then choose who to target and run the actual operations themselves,” it stated.
Citizen Lab said in a blog post that it has identified the Israeli company as Candiru, warning that it is “a secretive Israel-based company that sells spyware exclusively to governments”, spyware that can then be used to infect and monitor iPhones, Android devices, Macs, PCs, and cloud accounts.
More than 750 websites were linked to Candiru’s spyware infrastructure, it stated.
“We found many domains masquerading as advocacy organizations such as Amnesty International, the Black Lives Matter movement, as well as media companies, and other civil-society themed entities,” said Citizen Lab.
Microsoft revealed in another statement on Thursday that agencies in Uzbekistan, the United Arab Emirates, and Saudi Arabia are among Candiru’s alleged previous customers, and that such customers are likely to choose whom to target and run the “cyberoperation” themselves.
“Approximately half of the victims were found in Palestinian Authority, with most of the remaining victims located in Israel, Iran, Lebanon, Yemen, Spain (Catalonia), United Kingdom, Turkey, Armenia, and Singapore.
“To be clear, the identification of victims of the malware in a country doesn’t necessarily mean that an agency in that country is a SOURGUM customer, as international targeting is common,” it asserted.
To limit these attacks, Microsoft said it has built protections into its products against the malware, which it has named “DevilsTongue”, and has also worked with Citizen Lab to disable the malware used by SOURGUM.
“We initially started this work after receiving a tip from Citizen Lab about malware used by SOURGUM. The Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC) spent weeks examining the malware, documenting how it works and building protections that can detect and neutralize it.
“We named the malware DevilsTongue. We’ve built protections against DevilsTongue into our security products, and we’ve shared these protections with others in the security community so they can protect their customers,” it noted.