An Israeli organization sold a tool to hack into Microsoft Windows. Microsoft and the technical human rights organization Citizen Lab said Thursday that this reveals the growing business of finding and selling tools to hack into widely used software.
A report by Citizen Lab stated that the hacking tool vendor named Candiru created and sold a software exploit that can penetrate Windows. This is one of many intelligence products sold by a secretive industry that finds defects in general-purpose software platforms for its customers.
Technical analysis by security researchers details how Candiru’s hacking tools spread to many unnamed customers around the world, where they were then used to target various civil society organizations, including a Saudi dissident group and a left-leaning Indonesian news outlet, the reports by Citizen Lab and Microsoft show.
Attempts to contact Candiru for comments were unsuccessful.
According to the report by Citizen Lab, evidence of the exploit recovered by Microsoft indicates that it was deployed against users in several countries, including Iran, Lebanon, Spain, and the United Kingdom.
Citizen Lab said in its report: “The growing presence of Candiru and the use of surveillance technology for global civil society are a powerful reminder that the mercenary spyware industry contains many participants and is vulnerable to widespread abuse.”
Microsoft on Tuesday fixed the discovered defects through a software update. Microsoft did not directly attribute these exploits to Candiru, but referred to it as an “Israeli private sector attacker” code-named Sourgum.
Microsoft wrote in a blog post: “Sourgum usually sells cyber weapons so that its customers (usually government agencies around the world) can invade the computers, phones, network infrastructure, and Internet-connected devices of its targets. And then these organizations choose whom to target and run the actual operation on their own.”
Candiru’s tools also take advantage of the weaknesses of other common software products, such as Google’s Chrome browser.
On Wednesday, Google published a blog post in which it disclosed two Chrome software flaws related to Candiru discovered by Citizen Lab. Google also did not mention Candiru’s name, but instead described it as a “commercial surveillance company.” Google patched these two vulnerabilities earlier this year.
Computer security experts say that cyber arms dealers like Candiru often link multiple software vulnerabilities together to create effective exploits that can reliably and remotely invade computers without the target’s knowledge.
A person familiar with the cyber weapons industry told Reuters that these types of covert systems are worth millions of dollars and are usually sold on a subscription basis, so customers must repeatedly pay providers for continued access.
“Teams no longer need to have technical expertise, now they only need resources,” Google wrote in its blog post.
© Thomson Reuters 2021