Cyberwarfare / Nation-State Attacks , Fraud Management & Cybercrime , Governance & Risk Management

Israeli Firm Candiru's Spyware Used to Target Dissidents

Researchers: Spyware Targets 100 Victims in 10 Countries
Israeli Firm Candiru's Spyware Used to Target Dissidents
Illustration: Pixabay

Cyberattackers used spyware from the Israeli firm Candiru to target at least 100 human rights defenders, dissidents, journalists and others across 10 countries, according to researchers at the University of Toronto’s Citizen Lab, which tracks illegal hacking and surveillance.

See Also: Live Panel | How Organizations Should Think About Zero Trust

“Based on our analysis of Internet scanning data, we believe that there are Candiru systems operated from Saudi Arabia, Israel, UAE, Hungary and Indonesia, among other countries,” the researchers say in their new report.

Those targeted with the spyware, which is designed for use by governments, were human rights defenders, dissidents, journalists, activists and politicians located in the Palestinian territories, Israel, Iran, Lebanon, Yemen, Spain, the United Kingdom, Turkey, Armenia and Singapore, the researchers say.

The researchers say they "identified more than 750 websites linked to Candiru’s spyware infrastructure. We found many domains masquerading as advocacy organizations such as Amnesty International, the Black Lives Matter movement, as well as media companies and other civil society-themed entities."

Certain governments are using surveillance of perceived opponents to undermine opposition, according to the U.K. law firm Leigh Day. “This threat of surveillance has the effect of chilling activism and significantly contributes to a climate of repression,” the company says.

Microsoft Flaws Fixed

The Candiru spyware exploits two privilege escalation vulnerabilities in Microsoft Windows Server, CVE 2021 33771 and CVE-2021-31979. The two flaws were patched by Microsoft on Tuesday, the company notes in an alert (see: Microsoft Releases Patches for 4 Exploited Zero-Day Flaws).

The Israeli firm's spyware was used in “precision attacks” against targets’ computers, phones, network infrastructure and internet-connected devices, says Cristin Goodwin, general manager of Microsoft’s digital security unit.

Microsoft, which did not refer to Candiru by name - instead calling the surveillance providers Sourgum and the spyware DevilsTongue - says it began initiating patching after being alerted by Citizen Lab.

"By examining how Sourgum's customers were delivering DevilsTongue to victim computers, we saw they were doing so through a chain of exploits that impacted popular browsers and our Windows operating system," Microsoft says. "Earlier this week, we released updates that, when installed, protect Windows customers from two key Sourgum exploits."


About the Author

Akshaya Asokan

Akshaya Asokan

Senior Correspondent, ISMG

Asokan is senior correspondent for Information Security Media Group's global news desk. She has previously worked with IDG and other publications where she reported on developments in technology, minority rights and education.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.