Microsoft says Israeli group behind Windows cyber hack

By Laura Berrill
Microsoft says it believes an Israeli company is behind a malware attack on PCs running its Windows operating system


The revelation by Microsoft shows the organisation is taking more steps to reduce online security incidents. The company has also sought to identify government-backed hackers, such as the Chinese group it calls Hafnium, which it claims was behind attacks on its Exchange Server email software.

Cyber attacks focusing on individual consumers rather than large companies

Microsoft has called the organisation that sold the software ‘Sourgum’, although the University of Toronto’s Citizen Lab has said the company is known as Candiru, according to Cristin Goodwin, the general manager of Microsoft’s Digital Security Unit. The tech giant says Sourgum sells products on to government agencies, which can then use them to launch cyber attacks on various devices. This particular malware, known as DevilsTongue, has so far been used to attack more than 100 victims, including activists, politicians, journalists and embassy staff. Instead of going after large organisations, attackers have been using DevilsTongue to infiltrate consumer accounts.

Sourgum’s malware appeared to use a chain of browser and Windows exploits, including zero-day exploits. The hackers sent the browser exploits to targets with single-use URLs on messaging applications such as WhatsApp. 

Citizen Lab and Microsoft found two security vulnerabilities that had been exploited, and Microsoft issued updates to address them earlier this week, researchers at Citizen Lab said.

Private sector selling cyberweapons a danger to all

Roughly half of the victims identified were located in the Palestinian territories, with the remaining targets in Israel, Iran, Lebanon, Yemen, Spain’s Catalonia region, the United Kingdom, Turkey, Armenia and Singapore. 

“A world where private sector companies manufacture and sell cyberweapons is more dangerous for consumers, businesses of all sizes and governments,” Microsoft said. 

Windows 10, originally released in 2015, is the world’s most popular operating system, and the two patches are available for multiple Windows 10 versions, along with older versions and Windows Server releases.

While Microsoft needs to protect its users from attacks such as those mounted with Candiru malware, the company is also trying to build a meaningful business around security software. On Monday the company announced the acquisition of RiskIQ.

 
