Israel’s Candiru sells spyware to governments to attack journalists and dissidents
An Israeli cyber warfare organization weaponized vulnerabilities in Microsoft and Google products, allowing governments to hack more than 100 journalists, activists, and political dissidents around the world, new research has found.
The relatively unknown company calls itself Candiru and is part of the lucrative Israeli offensive cyber industry that often recruits veterans from the military’s elite units and sells software that allows its customers to remotely hack computers and cell phones.
Companies like Candiru and NSO Group (worth $1 billion in transactions in 2019), the largest participant in this opaque industry, state that their software is designed to be used by governments and law enforcement agencies to thwart potential terrorism and crime.
But human rights organizations such as the United Nations, the University of Toronto’s Citizen Lab, and Amnesty International regularly find such spyware on the phones and computers of journalists, dissidents, and activists who criticize authoritarian regimes.
Emails seeking comment, sent to multiple addresses listed for Candiru executives, either bounced or received no response.
In this case, Microsoft and Citizen Lab discovered that Candiru had sold a spyware tool that exploited Microsoft Windows vulnerabilities, allowing its deployers to steal passwords and to export files and messages from devices (including from the encrypted messaging application Signal) and from email and social media accounts.
The report stated that its analysis found that Candiru’s system was sold exclusively to governments and “operated in countries such as Saudi Arabia, Israel, the UAE, Hungary, and Indonesia.”
According to the report, Candiru’s spyware targeted at least 100 members of civil society, including politicians, human rights activists, journalists, academics, embassy staff and dissidents in the United Kingdom, Spain, Singapore, Israel and the Occupied Palestinian Territory.
Researchers also found more than 750 fake websites containing spyware, including ones posing as Amnesty International, the Black Fate Movement, and the Russian postal service.
Bill Marczak, a senior researcher at the Citizen Lab, said: “Candiru has been trying to stay in the shadows since its inception. But for those who sell spyware that is used against journalists, activists and civil society, for companies that promote authoritarianism, there is no room in the shadows.”
Microsoft said in a blog post that a software update was released this week: “This will protect Windows customers from attacks [the company] used to help spread its malware.”
In addition, the Citizen Lab report found that Candiru used two Google browser vulnerabilities that the Silicon Valley company disclosed on Wednesday. Although Google did not explicitly link the exploit to Candiru, it blamed it on a “commercial surveillance company.”
The report raises serious concerns about the growing spyware-for-hire industry, which is increasingly arousing the anger of large technology platforms whose software can be weaponized by these groups. Candiru’s larger competitor, NSO Group, is currently facing a lawsuit from WhatsApp, supported by other technology groups, for allegedly selling a tool that allows customers to secretly inject its software into mobile phones via WhatsApp calls.
In a 2019 Candiru marketing document seen by the Financial Times, the organization promoted its “superpower-level cyber intelligence system”, stating that “the installation and leakage process is concealed and will not interrupt the normal activities of the target.”
It added: “Using a set of attack vectors and zero-day vulnerabilities developed internally, a proprietary penetration agent was quietly deployed to the target device”, which shows that the Microsoft Windows vulnerability is just one of the vulnerabilities it has been exploiting.
Google said in a post this week that “compared to the early 2010s, there are more commercial vendors selling 0-day access”.
Christine Goodwin, general manager of Microsoft’s digital security department, said: “A world where private sector companies manufacture and sell cyber weapons is even more dangerous for consumers, businesses of all sizes, and governments.”