Metacurity

Secretive Israeli Spyware Company Masquerades as Advocacy Groups, Media Companies

metacurity.substack.com

Facebook took down fake accounts used by Iranian cyber-espionage groups, Biden administration to investigate ransomware payments, Stopransomware.gov site launched, "Freedom Phone" is a ripoff, more

Cynthia Brumfield
Jul 16, 2021

Check out my latest column focusing on the flurry of anti-ransomware initiatives announced by the Biden administration yesterday.

Citizen Lab and Microsoft report that Candiru (tracked by Microsoft as Sourgum), a secretive Israel-based company, sells spyware exclusively to governments; the spyware is capable of infecting iPhones, Androids, Macs, PCs, and cloud accounts. Many of the websites connected to Candiru masquerade as advocacy organizations such as Amnesty International, the Black Lives Matter movement, media companies, and other civil-society-themed entities.

The spyware, which Microsoft calls DevilsTongue, leverages two previously unknown vulnerabilities in Windows. Microsoft said it issued protections this week “to prevent Sourgum’s tools from working on computers that are already infected and prevent new infections on updated computers and those running Microsoft Defender Antivirus as well as those using Microsoft Defender for Endpoint.” (Bill Marczak, John Scott-Railton, Kristin Berdan, Bahr Abdul Razzak, and Ron De…

© 2023 DCT Associates