Microsoft says Israeli group behind Windows cyber hack

By Laura Berrill
Microsoft says it believes an Israeli company is behind a malware cyber attack on PCs running its Windows operating system


The revelation by Microsoft shows the organisation is taking more steps to reduce online security incidents. The company has also sought to identify government-backed hackers, such as the Chinese group it calls Hafnium, which it claims was behind attacks on its Exchange Server email software.

Cyber attacks focusing on individual consumers rather than large companies

Microsoft has called the organisation that sold the software ‘Sourgum’, although the University of Toronto’s Citizen Lab has said the company is known as Candiru, according to Cristin Goodwin, the general manager of Microsoft’s Digital Security Unit. The tech giant says Sourgum sells products on to government agencies, which can then use them to carry out cyber attacks on various devices. This particular malware, known as DevilsTongue, has so far been used to attack more than 100 victims, who have included activists, politicians, journalists and embassy staff. Instead of going after large organisations, attackers have been using DevilsTongue to infiltrate consumer accounts.

Sourgum’s malware appeared to use a chain of browser and Windows exploits, including zero-day exploits. The hackers sent the browser exploits to targets as single-use URLs delivered through messaging applications such as WhatsApp.

Citizen Lab and Microsoft both found two security vulnerabilities that had been exploited, and Microsoft issued updates to address them earlier this week, said researchers at Citizen Lab.

Private sector selling cyberweapons a danger to all

Roughly half of the victims identified were located in the Palestinian territories, with the remaining targets in Israel, Iran, Lebanon, Yemen, Spain’s Catalonia region, the United Kingdom, Turkey, Armenia and Singapore. 

“A world where private sector companies manufacture and sell cyberweapons is more dangerous for consumers, businesses of all sizes and governments,” Microsoft said. 

Windows 10, originally released in 2015, is the world’s most popular operating system, and the two patches are available for multiple Windows 10 versions, along with older versions and Windows Server releases.

While Microsoft needs to protect its users from attacks such as those mounted with Candiru malware, the company is also trying to build a meaningful business around security software. On Monday the company announced the acquisition of RiskIQ.
