The University of Toronto’s Citizen Lab, which tracks illegal hacking and surveillance, said at least 100 activists, journalists and government dissidents in 10 countries have been targeted with spyware produced by an Israeli company called Candiru.
At least 100 activists, journalists and government dissidents in 10 countries have been targeted by spyware produced by an Israeli company called Candiru, according to cybersecurity researchers at the University of Toronto’s Citizen Lab, which tracks illegal hacking and surveillance.
Cyber operators in Saudi Arabia, Israel, Hungary, Indonesia and elsewhere purchased remote spy software made by Candiru and installed it using a pair of vulnerabilities in Microsoft Corp.’s Windows, researchers say. The tool has been used in “precision attacks” against target computers, phones, network infrastructure and Internet-connected devices, said Cristin Goodwin, general manager of Microsoft’s digital security unit.
Microsoft was alerted to the attacks by Citizen Lab researchers, and after weeks of analysis, the company released fixes on July 13 for a pair of Windows vulnerabilities that are believed to be the spyware’s entry point, according to a Microsoft blog posted Thursday. Microsoft does not name Candiru but rather refers to an “offensive player in the private sector based in Israel” that it calls Sourgum.
Candiru did not immediately respond to a message requesting comment. Candiru is the name of an eel-like fish native to the Amazon River region that is believed to have entered the urethra of humans before deploying short thorns – a story some have dismissed as a myth.
Users of the spyware also hacked politicians and human rights activists, said the researchers, who declined to name the victims.
Citizen Lab researchers said Candiru spyware is part of a thriving private industry that sells technology to governments and authoritarian rulers so they can access communications from private citizens and the political opposition. Another Israeli company, NSO Group Ltd., has been accused of supplying spyware to repressive governments which used it to spy on journalists and activists.
NSO has maintained that it sells its technology exclusively to governments and law enforcement as a tool against terrorism and crime. In a report released on June 30, NSO Group said it refuses to sell spyware in 55 countries and has taken action to tackle customer abuse.
John Scott-Railton, senior researcher at Citizen Lab, said research on Candiru “shows that there is a whole ecosystem that sells to authoritarian regimes.”
“Tools like Candiru are used to export fear,” he added.
Citizen Lab findings also offered new insight into the cost of doing business in the spyware industry.
For 16 million euros ($18.9 million), Candiru customers can attempt to compromise an unlimited number of devices but are limited to actively tracking only 10 at a time, according to Citizen Lab. For an additional 1.5 million euros ($1.8 million), buyers can watch 15 additional victims.
Candiru has clients in Europe, Russia, the Middle East, Asia and Latin America, according to Israeli newspaper Haaretz. Local news outlets reported contracts in Uzbekistan, Saudi Arabia, the United Arab Emirates, Singapore and Qatar, according to the Citizen Lab report.
Candiru customers are limited to operating only in “agreed territories,” according to Citizen Lab. The company’s customers sign contracts that restrict operations to outside the United States, Russia, China, Israel and Iran, according to the report. But Microsoft said it recently discovered activity with the spyware in Iran, suggesting the rules are not concrete, according to the report.