Jerusalem: An Israeli company that sells spyware to governments has been linked to fake Black Lives Matter and Amnesty International websites that are used to hack targets, according to a report.
Tel Aviv-based mercenary spyware firm Candiru sells spyware exclusively to governments. Reportedly, their spyware can infect and monitor iPhones, Androids, Macs, PCs, and cloud accounts.
Using Internet scanning, a team of researchers from the University of Toronto’s Citizen Lab and tech giant Microsoft identified more than 750 websites linked to Candiru’s spyware infrastructure.
“We found many domains masquerading as advocacy organisations such as Amnesty International, the Black Lives Matter movement, as well as media companies and other civil-society themed entities,” researcher Bill Marczak said in a statement.
“We identified a politically active victim in Western Europe and recovered a copy of Candiru’s Windows spyware,” he added.
Working with Microsoft Threat Intelligence Center (MSTIC), the team analysed the spyware, resulting in the discovery of CVE-2021-31979 and CVE-2021-33771 by Microsoft, two privilege escalation vulnerabilities exploited by Candiru. Microsoft patched both vulnerabilities on July 13.
As part of their investigation, Microsoft observed at least 100 victims in Palestine, Israel, Iran, Lebanon, Yemen, Spain, UK, Turkey, Armenia, and Singapore.
The victims include human rights defenders, dissidents, journalists and politicians.
According to a lawsuit brought by a former employee, Candiru had sales of “nearly $30 million,” within two years of its founding.
The firm’s reported clients are located in “Europe, the former Soviet Union, the Persian Gulf, Asia and Latin America”.