Brussels (Brussels Morning) A private Israeli company reportedly produced and sold hacking tools used to gain access to computers using the Windows operating system, according to Microsoft and the technology human rights group Citizen Lab.
Tel-Aviv-based Candiru, a clandestine private cyber-warfare solutions provider, is suspected of creating and selling a software exploit device that can compromise Windows systems, according to Citizen Lab findings.
This is the latest in the string of accusations against Candiru, which was also suspected in 2019 of providing hacking tools to compromise Windows and Apple systems to nation-state intelligence agencies.
After analysing the available evidence, Microsoft claims that the most recent exploit was deployed against users in several countries, including Iran, Lebanon, Spain and the UK. Citizen Lab notes that the exploit was used to target a number of civil society organisations, among them a left-leaning Indonesian news outlet and a Saudi dissident group.
Two years ago, Candiru’s hacking tools were discovered to be in use by Uzbekistan, with evidence pointing to Saudi Arabia and the United Arab Emirates as some of the company’s other clients. The company maintains an unusually low profile, with no online presence and few official records.
In its report on the exploit, Microsoft did not name the company, describing it instead as an “Israeli-based private sector offensive actor”. In Microsoft’s official documents, Candiru was referred to under the given codename “Sourgum”.
According to the US company, the “private sector offensive actor” in question is selling cyberweapons, often to government agencies around the world, to hack into their targets’ computers, phones, networks and devices.
Citizen Lab also linked Candiru to a report released by Google earlier this week, detailing two discovered security flaws in the company’s internet browser, Chrome. Just like Microsoft, Google did not name Candiru, referring to it as an unnamed “commercial surveillance company”.