Microsoft said on Thursday (15 July) that it has blocked hacking tools developed by an Israeli company that targeted more than 100 victims around the world, including politicians, human rights activists, journalists, academics, embassy workers, and political dissidents.

In its blog post, Microsoft noted that it patched the vulnerability exploited by the company, which is known as Candiru and SOURGUM.

“Sourgum generally sells cyberweapons that enable its customers, often government agencies around the world, to hack into their targets’ computers, phones, network infrastructure and internet-connected devices.

“These agencies then choose who to target and run the actual operations themselves,” it stated.

Citizen Lab said in a blog post that it has identified the Israeli company as Candiru, warning that it is “a secretive Israel-based company that sells spyware exclusively to governments” which can then infect and monitor iPhones, Androids, Macs, PCs, and cloud accounts.

More than 750 websites were linked to Candiru’s spyware infrastructure, it stated.

“We found many domains masquerading as advocacy organizations such as Amnesty International, the Black Lives Matter movement, as well as media companies, and other civil-society themed entities,” said Citizen Lab.

Microsoft revealed in another statement on Thursday that agencies in Uzbekistan, the United Arab Emirates, and Saudi Arabia are among Candiru’s alleged previous customers, which are then likely to choose whom to target and run the “cyberoperation” themselves.

“Approximately half of the victims were found in Palestinian Authority, with most of the remaining victims located in Israel, Iran, Lebanon, Yemen, Spain (Catalonia), United Kingdom, Turkey, Armenia, and Singapore.

“To be clear, the identification of victims of the malware in a country doesn’t necessarily mean that an agency in that country is a SOURGUM customer, as international targeting is common,” it asserted.

To limit these attacks, Microsoft said it has built protections into its products against the malware, which it calls “DevilsTongue”, and has also worked with Citizen Lab to disable the malware used by SOURGUM.

“We initially started this work after receiving a tip from Citizen Lab about malware used by SOURGUM. The Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC) spent weeks examining the malware, documenting how it works and building protections that can detect and neutralize it.

“We named the malware DevilsTongue. We’ve built protections against DevilsTongue into our security products, and we’ve shared these protections with others in the security community so they can protect their customers,” it noted.
