17 July 21, 10:45
Quote:A set of unique spyware strains created by an Israeli firm and allegedly used by governments around the world to surveil dissidents has been defanged by Microsoft, the software giant said.
The private company, called variously Candiru, Grindavik, Saito Tech and Taveta (and dubbed “Sourgum” by Microsoft), reportedly sells its wares exclusively to governments, according to Citizen Lab, which first analyzed the malware and flagged it for Microsoft. The code, collectively known as “DevilsTongue,” has been used in highly targeted cyberattacks against civil society, according to an advisory issued Thursday – making use of a pair of zero-day vulnerabilities in Windows (now patched).
The victims number more than 100, and include politicians, human-rights activists, journalists, academics, embassy workers and political dissidents, Citizen Lab and Microsoft said. The targets have been global, located in Armenia, Iran, Israel, Lebanon, Palestine, Singapore, Spain, Turkey, United Kingdom and Yemen.
“Sourgum generally sells cyberweapons that enable its customers, often government agencies around the world, to hack into their targets’ computers, phones, network infrastructure and internet-connected devices,” according to Microsoft’s tandem advisory. “These agencies then choose who to target and run the actual operations themselves.”
Citizen Lab researchers said that DevilsTongue can exfiltrate data and messages from various accounts, including Facebook, Gmail, Skype and Telegram. The spyware can also capture browsing history, cookies and passwords, turn on the target’s webcam and microphone, and take pictures of the screen.
Read more: Windows 0-Days Used Against Dissidents in Israeli Broker’s Spyware | Threatpost