Microsoft says Israeli group behind Windows cyber hack

By Laura Berrill
Microsoft says it believes an Israeli company is behind a malware cyber attack on PCs running its Windows operating system

Microsoft says Israeli group sold tools to cyber hack Windows

The revelation by Microsoft shows the organisation is taking more steps to reduce online security incidents. The company has also sought to identify government-backed hackers, such as the Chinese group it calls Hafnium, which it claims was behind attacks on its Exchange Server email software.

Cyber attacks focusing on individual consumers rather than large companies

Microsoft has called the organisation that sold the software ‘Sourgum’, although the University of Toronto’s Citizen Lab has said the company is known as Candiru, according to Cristin Goodwin, the general manager of Microsoft’s Digital Security Unit. The tech giant says Sourgum sells products on to government agencies, which can then generate cyber attacks on various devices. This particular malware, known as DevilsTongue, has so far been used to attack more than 100 victims, who have included activists, politicians, journalists and embassy staff. Instead of going after large organisations, attackers have been using DevilsTongue to infiltrate consumer accounts.

Sourgum’s malware appeared to use a chain of browser and Windows exploits, including zero-day exploits. The hackers sent the browser exploits to targets with single-use URLs on messaging applications such as WhatsApp. 

Both Citizen Lab and Microsoft found two security vulnerabilities that had been exploited, and Microsoft issued updates to address them earlier this week, said researchers at Citizen Lab.

Private sector selling cyberweapons a danger to all

Roughly half of the victims identified were located in the Palestinian territories, with the remaining targets in Israel, Iran, Lebanon, Yemen, Spain’s Catalonia region, the United Kingdom, Turkey, Armenia and Singapore. 

“A world where private sector companies manufacture and sell cyberweapons is more dangerous for consumers, businesses of all sizes and governments,” Microsoft said. 

Windows 10, originally released in 2015, is the world’s most popular operating system, and the two patches are available for multiple Windows 10 versions, along with older versions and Windows Server releases.

While Microsoft needs to protect its users from attacks such as those mounted with Candiru malware, the company is also trying to build a meaningful business around security software. On Monday the company announced the acquisition of RiskIQ.

 
