Microsoft and Citizen Lab revealed that the Israeli firm Candiru used Windows zero-day exploits to deliver a new Windows spyware dubbed DevilsTongue.
- Microsoft fixed the two vulnerabilities, CVE-2021-31979 and CVE-2021-33771, on Tuesday through a software update.
- Microsoft did not directly attribute the exploits to Candiru, instead referring to it as an "Israel-based private sector offensive actor" under the codename Sourgum.
Candiru, tracked by Microsoft as Sourgum, is a secretive Israel-based company that sells surveillance software exclusively to governments; according to Citizen Lab, its spyware can compromise iPhones, Macs, Android devices, Windows PCs, and cloud accounts.
Citizen Lab reported that it analysed the spyware together with the Microsoft Threat Intelligence Center (MSTIC). That analysis led Microsoft to discover CVE-2021-31979 and CVE-2021-33771, two Windows privilege escalation vulnerabilities exploited by Candiru to gain elevated access on victim machines. Microsoft patched both vulnerabilities on July 13, 2021.
“A world where private sector companies manufacture and sell cyberweapons is more dangerous for consumers, businesses of all sizes and governments. We take this threat seriously and have disrupted the use of certain cyberweapons manufactured and sold by a group we call Sourgum,” reads the post published by Microsoft.
“Sourgum generally sells cyber weapons that enable its customers, often government agencies around the world, to hack into their targets’ computers, phones, network infrastructure, and internet-connected devices,” Microsoft wrote in a blog post. “These agencies then choose who to target and run the actual operations themselves.”
According to the investigation, Microsoft observed at least 100 victims in Palestine, Lebanon, Spain, Iran, the United Kingdom, Yemen, Armenia, Israel, Singapore and Turkey. Victims include dissidents, activists, human rights defenders and politicians.
DevilsTongue lets operators spy on victims and collect sensitive data from infected Windows devices, including decrypting and stealing Signal messages and harvesting credentials and cookies from major web browsers.
DevilsTongue can also send messages from email and social media accounts that are logged in on the infected system. Operators could use this capability to send malicious messages to the victim’s contacts, using the victim’s own identity to lure further targets.
On Wednesday, Google published a blog post describing two Chrome vulnerabilities that Citizen Lab had connected to Candiru.
“No longer do groups need to have the technical expertise, now they just need resources," Google wrote in its blog post.