Microsoft and technology human rights group Citizen Lab claimed on Thursday that an Israeli group offered a tool to hack into Microsoft Windows, shedding light on the expanding business of identifying and selling methods to breach widely used software.
According to a Citizen Lab investigation, the hacking tool vendor Candiru built and distributed a software exploit that can breach Windows, one of several intelligence products supplied by a covert industry that finds holes in common software platforms for its clients.
According to Citizen Lab and Microsoft reports, technical analysis by security researchers shows how Candiru’s hacking tool spread around the world to numerous unnamed customers, where it was then used to target various civil society organizations, including a Saudi dissident group and a left-leaning Indonesian news outlet.
We were unable to get in touch with Candiru for comment.
According to the Citizen Lab research, evidence of the exploit collected by Microsoft Corp revealed it was used against users in various countries, including Iran, Lebanon, Spain, and the United Kingdom.
“Candiru’s rising footprint, as well as its exploitation of surveillance technology against global civil society,” Citizen Lab wrote in its study, “is a striking reminder that the mercenary spyware market involves many actors and is prone to widespread abuse.”
Microsoft released a software update on Tuesday to address the problems that were uncovered. Microsoft, which did not directly connect the vulnerabilities to Candiru, referred to it as an “Israel-based private sector offensive actor” under the codename Sourgum.
In a blog post, Microsoft stated, “Sourgum primarily sells cyberweapons that enable its customers, often government agencies around the world, to hack into its targets’ computers, phones, network infrastructure, and internet-connected gadgets.” “These agencies then decide who they want to target and conduct the real operations.” Candiru’s tools also took advantage of flaws in other popular applications, such as Google’s Chrome browser.
Google published a blog post on Wednesday revealing two Chrome software bugs linked to Candiru that Citizen Lab discovered. Google also did not mention Candiru by name, instead referring to it as a “commercial surveillance firm.” The two flaws were addressed by Google earlier this year.
According to computer security experts, cyber weapons vendors like Candiru frequently chain multiple software vulnerabilities together to build effective exploits that can reliably break into systems remotely without a target’s awareness.
People familiar with the cyber weapons market told Reuters that such covert systems cost millions of dollars and are frequently sold on a subscription basis, requiring customers to keep paying a supplier for continuing access.
“Groups no longer need technical knowledge; all they need today are resources,” Google noted in a blog post.