(Reuters) – An Israeli group sold a tool to hack into Microsoft Windows, Microsoft Corp. and the technology human rights group Citizen Lab said on Thursday, highlighting the growing business of finding and selling hacking tools for widely used software.
The hacking-tool vendor, called Candiru, created and sold a software utility that can penetrate Windows, one of many intelligence products sold by a secretive industry that finds flaws in common software platforms for its customers, according to a report from Citizen Lab.
Technical analysis by security researchers describes how Candiru's hacking tool spread around the world to many unnamed customers, where it was then used to target various civil society organizations, including a Saudi dissident group and a left-wing Indonesian news outlet, the reports by Citizen Lab and Microsoft show.
Attempts to reach Candiru for comment were unsuccessful.
Evidence of exploitation recovered by Microsoft Corp. suggests the tool was deployed against users in several countries, including Iran, Lebanon, Spain and the United Kingdom, according to the Citizen Lab report.
"Candiru's growing presence and the use of its surveillance technology against global civil society is a powerful reminder that the mercenary spyware industry contains many players and is prone to widespread abuse," Citizen Lab said in its report.
Microsoft fixed the discovered flaws on Tuesday through a software update. Microsoft did not directly attribute the exploitation to Candiru, but instead referred to an "Israeli-based private sector offensive player" under the code name Sourgum.
"Sourgum generally sells cyber weapons that enable its customers, often public authorities around the world, to hack into their targets' computers, telephones, network infrastructure and Internet-connected devices," Microsoft wrote in a blog post. "These agencies then choose who they should target and run the business themselves."
Candiru's tool also exploited vulnerabilities in other common software products, such as Google LLC's browser.
On Wednesday, Google released a blog post revealing the vulnerabilities. It did not mention Candiru by name but described it as a "commercial surveillance company." Google patched the two vulnerabilities earlier this year.
Covert hacking systems cost millions of dollars and are often sold on a subscription basis, requiring customers to repeatedly pay a provider for continued access, people familiar with the cyber-arms industry told Reuters.
"No longer do groups need the technical expertise, now they just need resources," Google wrote in its blog post.