Jul 16, 2021
Laura Berrill

Microsoft says Israeli group behind Windows cyber hack

Microsoft says it believes Israeli company is behind a malware cyber attack on PCs running its Windows operating system

The revelation by Microsoft shows the organisation is taking more steps to reduce online security incidents. The company has also sought to identify government-backed hackers, such as the Chinese group it calls Hafnium, which it claims was behind attacks on its Exchange Server email software.

Cyber attacks focusing on individual consumers rather than large companies

Microsoft has called the organisation that sold the software ‘Sourgum’, although the University of Toronto’s Citizen Lab has said the company is known as Candiru, according to Cristin Goodwin, the general manager of Microsoft’s Digital Security Unit. The tech giant says Sourgum sells its products on to government agencies, which can then launch cyber attacks on various devices. This particular malware, known as DevilsTongue, has so far been used to attack more than 100 victims, who have included activists, politicians, journalists and embassy staff. Instead of going after large organisations, attackers have been using DevilsTongue to infiltrate consumer accounts.

Sourgum’s malware appeared to use a chain of browser and Windows exploits, including zero-day exploits. The hackers sent the browser exploits to targets as single-use URLs via messaging applications such as WhatsApp.

Both Citizen Lab and Microsoft found two security vulnerabilities that had been exploited, and Microsoft issued updates to address them earlier this week, researchers at Citizen Lab said.

Private sector selling cyberweapons a danger to all

Roughly half of the victims identified were located in the Palestinian territories, with the remaining targets in Israel, Iran, Lebanon, Yemen, Spain’s Catalonia region, the United Kingdom, Turkey, Armenia and Singapore.

“A world where private sector companies manufacture and sell cyberweapons is more dangerous for consumers, businesses of all sizes and governments,” Microsoft said.

Windows 10, originally released in 2015, is the world’s most popular operating system, and the two patches are available for multiple Windows 10 versions, along with older versions and Windows Server releases.

While Microsoft needs to protect its users from attacks such as those mounted with Candiru malware, the company is also trying to build a meaningful business around security software. On Monday the company announced the acquisition of RiskIQ.
