Spyware built by a secretive Israeli company has been used to attack and impersonate dozens of human rights activists, journalists, dissidents, politicians and others, researchers said Thursday.
Statements from security researchers at Microsoft and the Citizen Lab at the University of Toronto said powerful “cyber weapons” were being used in precision attacks targeting more than 100 victims worldwide.
Microsoft said it fixed the vulnerability exploited by the group, known as Candiru and Sourgum, this week.
Citizen Lab said in a blog post that “Candiru is an Israel-based secret company that sells spyware exclusively to governments,” which can then use it to “infect and monitor iPhones, Android, Macs, PCs and cloud accounts.”
“We have found many areas posing as rights organizations such as Amnesty International, the Black Lives Matter movement, as well as media companies and other entities on the topic of civil society,” Citizen Lab said.
Microsoft has observed at least 100 victims in the Palestinian territories, Israel, Iran, Lebanon, Yemen, Spain, Britain, Turkey, Armenia and Singapore.
The US tech company said it decided to thwart the attacks with Windows software updates that prevent Candiru from spreading its malware.
“Microsoft has created and built protections into our products against this unique malware, which we call DevilsTongue,” a statement from Microsoft said.
“We have shared these protections with the security community so that we can collectively address and mitigate this threat.”
According to Microsoft, DevilsTongue was able to infiltrate popular websites such as Facebook, Twitter, Gmail, Yahoo, and others to collect information, read victims’ messages, and retrieve photos.
“DevilsTongue may also send messages as a victim on some of these websites, showing to any recipient that the victim has sent these messages,” the Microsoft Threat Intelligence Center statement said.
“The ability to send messages could be militarized to send malicious links to more victims.”
Citizen Lab researchers have found evidence that spyware can exfiltrate private data from a number of apps and accounts, including Gmail, Skype, Telegram, and Facebook.
It can also capture browsing history and passwords, as well as activate the target’s webcam and microphone, according to the findings.
Citizen Lab said the Israeli company’s current name is Saito Tech Ltd, and that it shares some investors and executives with NSO Group, another Israeli company under scrutiny for its surveillance software.
© 2021 AFP