Microsoft says Israeli firm sold tool to Arab countries to hack Windows

  • The company has been identified as Candiru, whose customer list included Saudi Arabia, the UAE, and Uzbekistan, with investment from Qatar

  • Microsoft said half the victims of Candiru’s malware were under the Palestinian Authority, with the rest spread across Israel, Iran, Lebanon, Yemen, Spain (Catalonia), the United Kingdom, Turkey, Armenia, and Singapore

Microsoft on Thursday, July 15, announced on its blog that it had identified an Israeli cybersecurity company that it claimed had sold malware to countries across the world — including Arab countries — to hack Windows.

Microsoft cited a report by the Citizen Lab, at the University of Toronto’s Munk School of Global Affairs & Public Policy, to say that the company possessed two zero-day exploits that are now patched in Windows.

Citizen Lab, an interdisciplinary laboratory, identified this “secretive Israel-based company” as Candiru, and said that it “sells spyware exclusively to governments.”

It added that Candiru’s malware has been used to target more than 100 victims around the world, including politicians, human rights activists, journalists, academics, embassy workers, and political dissidents.

The lab said Candiru’s customer list included Saudi Arabia, the UAE, and Uzbekistan. It added that the company was also soliciting business with intelligence agencies in Singapore.

It also claimed a company linked to the sovereign wealth fund of Qatar had invested in Candiru.

Microsoft said it had identified “over 100 victims” of Candiru’s malware. It added that these victims “are as geographically diverse as would be expected when varied government agencies are believed to be selecting the targets.”

The software giant also said: “Approximately half of the victims were found in Palestinian Authority, with most of the remaining victims located in Israel, Iran, Lebanon, Yemen, Spain (Catalonia), the United Kingdom, Turkey, Armenia, and Singapore.”

Microsoft said in its blog post that it had patched the zero-day exploits in its July 2021 Windows update.

Zero-day vulnerabilities are security holes in software that attackers can exploit before the software-maker has released a fix, which leaves the software-maker exactly zero days to patch them. In other words, they need to be fixed immediately.

Meanwhile, Citizen Lab cited a leaked Candiru project proposal to explain that it costs €16 million ($18.88 million) for “an unlimited number of spyware infection attempts, but the monitoring of only 10 devices simultaneously.”

It added: “For an additional €1.5 million, the customer can purchase the ability to monitor 15 additional devices simultaneously, and to infect devices in a single additional country. For an additional €5.5 million, the customer can monitor 25 additional devices simultaneously, and conduct espionage in five more countries.” The two amounts translate to $1.77 million and $6.49 million, respectively.
