Windows 0-Days Used Against Dissidents in Israeli Broker’s Spyware
According to new reports, a unique set of spyware strains created by an Israeli firm used by governments across the world to conduct surveillance on dissidents has been defanged by Microsoft. The company is called Candiru or Sourgum and specializes in the sale of the DevilsTongue surveillance malware. The malware is sold exclusively to governments, according to CitizenLab, the first organization to analyze and flag the malware for review. The malware has also been utilized in highly targeted cyberattacks against civil society, says Microsoft. The malware takes advantage of two zero-day vulnerabilities that have since been patched in Microsoft Windows.
The organizations state that there have been over 100 victims of DevilsTongue, including politicians, human rights activists, academics, journalists, embassy workers, and dissidents. Although targets have been located around the world, most have been discovered in Armenia, Iran, Israel, Lebanon, Palestine, Singapore, Spain, Turkey, the UK, and Yemen. According to Microsoft’s advisory, Sourgum sells cyberweapons that enable government agencies across the world to breach individuals’ privacy and hack into their devices. The agencies then run further surveillance operations themselves using DevilsTongue. DevilsTongue is capable of exfiltrating data and messages from accounts such as Telegram, Facebook, Gmail, and Skype. The malware can also capture passwords, cookies, and browsing history, and turn on an infected device’s camera and microphone.