Microsoft claims that an Israeli group developed and sold hacking tools for Windows.

Microsoft and the technology human rights organization Citizen Lab said on Thursday that an Israeli firm marketed a tool to hack into Microsoft Windows, shedding light on the growing industry of identifying and selling methods to attack widely used software.



According to Citizen Lab, the hacking tool seller, Candiru, produced and sold a software exploit that can break into Windows, one of several intelligence products provided by a secretive business that identifies weaknesses in common software platforms for its clients.


Technical analysis by security researchers, described in the Citizen Lab and Microsoft reports, details how Candiru's hacking tool spread around the world to numerous unnamed customers, where it was then used to target various civil society organizations, including a Saudi dissident group and a left-leaning Indonesian news outlet.


Attempts to contact Candiru for comment were unsuccessful.


According to the Citizen Lab study, evidence of the exploit retrieved by Microsoft indicated that it was used against users in various countries, including Iran, Lebanon, Spain, and the United Kingdom.


"Candiru's expanding footprint, and the exploitation of its surveillance technologies against global civil society, is a striking reminder that the mercenary spyware business is rife with actors and prone to widespread misuse," Citizen Lab wrote in its study.


Microsoft patched the reported issues with a software update on Tuesday. Microsoft did not explicitly link the vulnerabilities to Candiru, instead referring to it as an "Israel-based private sector aggressive actor" known as Sourgum.


"Sourgum usually offers cyberweapons that enable its clients, who are frequently government agencies from around the world, to hack into their targets' computers, phones, network infrastructure, and Internet-connected devices," Microsoft stated in a blog post. "These agencies then decide who to target and conduct the actual operations."


Candiru's tools also took advantage of flaws in other popular software products, including Google's Chrome browser.


Google published a blog post on Wednesday revealing two Chrome software vulnerabilities linked to Candiru discovered by Citizen Lab. Google also did not mention Candiru by name, instead referring to it as a "commercial surveillance business." Google fixed the two flaws early this year.


According to computer security experts, cyberweapons merchants like Candiru frequently chain multiple software vulnerabilities together to develop powerful exploits that can reliably break into systems remotely without a target's awareness.


According to sources acquainted with the cyberweapons business, such hidden systems cost millions of dollars and are sometimes offered on a subscription basis, requiring clients to regularly pay a supplier for continuous access.


"Groups no longer require technical knowledge; they only need resources," Google said in a blog post.
