Microsoft says Israeli group behind Windows cyber hack

By Laura Berrill
Microsoft says it believes Israeli company is behind a malware cyber attack on PCs running its Windows operating system

Microsoft says Israeli group sold tools to cyber hack Windows

Microsoft says it believes Israeli company is behind a malware cyber attack on PCs running its Windows operating system

The revelation by Microsoft shows the organisation is taking more steps to reduce online security incidents. The company has also sought to identify government-backed hackers, such as the Chinese group it calls Hafnium, which it claims was behind attacks on its Exchange Server email software.

Cyber attacks focusing on individual consumers rather than large companies

Microsoft has called the organisation that sold the software ‘Sourgum’, although the University of Toronto’s Citizen Lab has said the company is known as Candiru, according to Cristin Goodwin, the general manager of Microsoft’s Digital Security Unit. The tech giant says Sourgum sells products on to government agencies, which can then generate cyber attacks on various devices. This particular malware, known as DevilsTongue, has so far been used to attack more than 100 victims which have included activists, politicians, journalists and embassy staff. Instead of going after large organisations, attackers have been using DevilsTongue to infiltrate consumer accounts.

Sourgum’s malware appeared to use a chain of browser and Windows exploits, including zero-day exploits. The hackers sent the browser exploits to targets with single-use URLs on messaging applications such as WhatsApp. 

Both Citizen Lab and Microsoft found two security vulnerabilities which had been exploited and Microsoft issued updates to address them earlier this week, said researchers at Citizen Lab.

Private sector selling cyberweapons a danger to all

Roughly half of the victims identified were located in the Palestinian territories, with the remaining targets in Israel, Iran, Lebanon, Yemen, Spain’s Catalonia region, the United Kingdom, Turkey, Armenia and Singapore. 

“A world where private sector companies manufacture and sell cyberweapons is more dangerous for consumers, businesses of all sizes and governments,” Microsoft said. 

Windows 10, originally released in 2015, is the world’s most popular operating system, and the two patches are available for multiple Windows 10 versions, along with older versions and Windows Server releases.

While Microsoft needs to protect its users from attacks such as those mounted with Candiru malware, the company is also trying to build a meaningful business around security software. On Monday the company announced the acquisition of RiskIQ.



Featured Articles

Cognizant and Microsoft Partner to Drive Enterprise Gen AI

Cognizant and Microsoft have announced an expansion of their global partnership to drive the adoption of generative AI in the enterprise

Top 100 Women 2024: Safra Catz, Oracle - No. 7

Technology Magazine’s Top 100 Women in Technology honours Oracle’s Safra Catz at Number 7 for 2024

Microsoft, AWS & Oracle: Why Big Tech is Investing in Japan

We explore what Microsoft, Oracle, AWS and Google Cloud’s multi-billion dollar investments mean for the digital landscape in Japan

Advancing AI in Retail with Pick N Pay's Leon Van Niekerk

AI & Machine Learning

How Intel AI is Powering the 2024 Paris Olympic Games

AI & Machine Learning

OpenText’s Muhi Majzoub: Engineering Platform Growth with AI

Enterprise IT