
Candiru Allegedly Behind Cyberattacks Against Journalists

The United States government blacklisted Candiru, an Israeli technology firm, for behavior that was allegedly harmful to national security. The firm, also known as SAITO TECH, engages in cyberespionage, often for governmental clients.

Candiru Middle East (Lebanon) Journalists

The cyberattacks in Lebanon compromised a website that journalists frequented, according to Avast. Although Candiru’s motives were unclear, Avast speculated that attackers go after journalists to spy on them and on the stories they’re working on directly.

They further stated that it could also be to get to their sources and gather compromising information and sensitive data they shared with the press.

In addition to Lebanon, the attacks occurred in Turkey, Yemen, and the Palestinian territories. Avast claimed that Candiru returned with an updated set of tools in March after a period of minimal activity dating back to July 2021, when its activity was exposed by Microsoft and Citizen Lab.

Furthermore, by exploiting a zero-day vulnerability that could not be detected by the browser, the attackers compromised existing websites and created sites specifically for their own purposes. Users fell victim to the ploy simply by opening one of these sites.

Data Obtained From the Attack

Those affected had their browser-based sensitive data hijacked, including up to 50 data points such as language, cookies, device types, and time zones, according to Android Police. Furthermore, Apple’s Safari web browser was vulnerable to the attacks as well, although Avast saw that only Windows devices were affected.

One reason for bringing the Candiru attack to the limelight was to expose the value of cybersecurity firms that look out for mercenary spyware.

Bill Marczak, a member of Citizen Lab’s investigation into the company, said that at least five security companies, including Avast, have detected, burned, and published on Candiru attacks directed against their customers running Microsoft Windows.

The firm also appears to maintain capabilities against mobile phones, but is showing no signs of deploying them as of the time of writing.
