Israeli Spyware Firm Candiru Linked To Attacks on Websites in Middle East

Published November 17th, 2021 - 10:44 GMT

Researchers at the internet security company Eset have found new evidence suggesting that spyware made by the Israeli firm Candiru has been used to target websites and services in several Middle Eastern countries, including Saudi Arabia and Iran, as well as some readers of a London-based news website.

It's worth noting that Candiru was added to a US blacklist this month after the Biden administration accused the firm of acting against US national security interests.

According to Eset's report, Candiru uses "watering hole" attacks, in which spyware users launch malware against ordinary websites that are known to attract readers or users whom the user of the malware considers "targets of interest."

Once someone lands on the website, the code infects their machine, enabling attackers to spy on them or cause harm in various other ways.

According to Eset, the targeted websites included the London-based news website Middle East Eye, as well as media outlets like Almasirah, which is linked to the Houthi rebels in Yemen. Also targeted were websites belonging to the Iranian foreign ministry, Yemen's finance and interior ministries, and Syria's electricity ministry, along with internet service providers in Syria and Yemen.

Other targets included sites operated by the Italian company Piaggio Aerospace, the pro-Iranian militant group Hezbollah, and The Saudi Reality, an opposition media outlet in Saudi Arabia.

"On July 11, 2020, our system notified us that the website of the Iranian embassy in Abu Dhabi had been tainted with malicious JavaScript code. Our curiosity was aroused by the high-profile nature of the targeted website, and in the following weeks we noticed that other websites with connections to the Middle East were also targeted." - Matthieu Faou, Eset researcher.

The researchers have not noticed any activity from this operation since the end of July 2021, shortly after the release of blog posts by Google, Citizen Lab and Microsoft detailing Candiru's activities.

"The operators appear to be taking a pause, probably in order to retool and make their campaign stealthier," Faou added.

In July, researchers from Citizen Lab and Microsoft stated that over 100 journalists, politicians, human rights activists and dissidents in several countries were targeted in a spyware campaign that used 'cyberweapons' developed by Candiru.

Citizen Lab claimed that Candiru sells spyware exclusively to governments and authoritarian leaders, who then use the tools to infect devices and cloud accounts. 

