Israeli spyware firm Candiru linked to cyberattacks on Mideast websites | #cybersecurity | #cyberattack


Technology sold by Israeli spyware company Candiru appears to have been used for a campaign of cyberattacks targeting high-profile Middle Eastern websites, an analysis by cybersecurity firm Eset said Tuesday.

“We think it was a client of Candiru that carried out these attacks,” Eset investigator Matthieu Faou told AFP.

Eset did not name the client, but pointed to an investigation by researchers at the University of Toronto that suggested in June that Saudi Arabia may have used similar techniques.

Based in Tel Aviv, Candiru sells sophisticated spyware to governments. It was blacklisted by the US government earlier this month.

The offensive revealed by Eset used what are known as “watering hole” attacks, which add malicious code to legitimate websites that the targeted user is likely to visit.

Once the person visits the site, the code can then be used to infect their computer — potentially to spy on them or inflict harm in other ways.

Illustrative. A computer popup box screen warning of a system being hacked. (solarseven; iStock, Getty Images)

The websites targeted in this campaign included UK-based news site Middle East Eye as well as Yemeni media outlets like Almasirah linked to the Houthi rebels battling the Saudis, Eset said. Another victim was thesaudireality.com, which Eset said was likely a dissident media outlet in Saudi Arabia.

Internet service providers in Yemen and Syria were also targeted along with the Iranian foreign ministry, Syria’s electricity ministry, and Yemen’s interior and finance ministries.

Other targets included sites run by the pro-Iranian militant group Hezbollah, Italian company Piaggio Aerospace and Denel, a state-owned South African aerospace and military technology conglomerate.

“The attackers also created a website mimicking a medical trade fair in Germany,” Eset noted in a press release, adding that the intrusions were recorded between July 2020 and August this year.

Candiru has earned comparisons with NSO Group, another Israeli company that was engulfed in scandal this year over accusations that governments used its Pegasus technology to spy on rights activists, politicians, journalists, and business executives.

The US government blacklisted NSO earlier this month, restricting exports from American firms.

Faou said the Candiru campaign did not appear to be aimed at mass data collection, specifically targeting a “very, very small” number of people.


Give a Hanukkah gift that enlightens

Here’s a Hanukkah gift that sparks knowledge and insight about Israel and the Jewish people.

A Times of Israel Community gift membership entitles your recipient to one full year of membership benefits, at a special discounted price.


Learn more


Learn more

Already a member? Sign in to stop seeing this


You’re serious. We appreciate that!


We’re really pleased that you’ve read X Times of Israel articles in the past month.

That’s why we come to work every day – to provide discerning readers like you with must-read coverage of Israel and the Jewish world.

So now we have a request. Unlike other news outlets, we haven’t put up a paywall. But as the journalism we do is costly, we invite readers for whom The Times of Israel has become important to help support our work by joining The Times of Israel Community.

For as little as $6 a month you can help support our quality journalism while enjoying The Times of Israel AD-FREE, as well as accessing exclusive content available only to Times of Israel Community members.


Join Our Community


Join Our Community

Already a member? Sign in to stop seeing this

FB.Event.subscribe('comment.create', function (response) { comment_counter++; if(comment_counter == 2){ jQuery.ajax({ type: "POST", url: "/wp-content/themes/rgb/functions/facebook.php", data: { p: "2650525", c: response.commentID, a: "add" } }); comment_counter = 0; } }); FB.Event.subscribe('comment.remove', function (response) { jQuery.ajax({ type: "POST", url: "/wp-content/themes/rgb/functions/facebook.php", data: { p: "2650525", c: response.commentID, a: "rem" } }); });

}; (function(d, s, id){ var js, fjs = d.getElementsByTagName(s)[0]; if (d.getElementById(id)) {return;} js = d.createElement(s); js.id = id; js.src = "https://connect.facebook.net/en_US/sdk.js"; fjs.parentNode.insertBefore(js, fjs); }(document, 'script', 'facebook-jssdk'));



Original Source link

Leave a Reply

Your email address will not be published. Required fields are marked *

17 − = thirteen