// New Israeli spyware attack on Windows machines...
Hey Hackers! Over 100 people, including journalists, politicians, political dissidents, and other activists, were exploited in a spyware attack this past week.
Spyware is a type of malware used to spy and perform reconnaissance on a target.
This spyware, labeled "DevilsTongue", is suspected to originate from a company located in Israel. This company, labeled "Candiru" or "Sourgum", is a firm that does surveillance for government agencies. They provide reconnaissance to governments in exchange for cash, which almost makes it a "Spyware as a Service" type of deal. This allows governmental entities to spy on civil society on an international level. Government agencies within the United Kingdom, Saudi Arabia, Hungary, and several others in the eastern hemisphere have purchased spyware from Candiru.
// How it Works:
DevilsTongue used zero-day vulnerabilities to install spyware on Windows computers. It worked through privilege escalation techniques located within Windows Servers. The security flaws were disclosed as CVE-2021-33771 and CVE-2021-31979. It is believed that the spyware resided in activism webpages for BlackLivesMatter [BLM], women's rights, LGBTQ+, and other causes.
Once a machine was hijacked, DevilsTongue installed backdoors and disabled many security features. Clients who purchased the spyware, as well as Candiru, had virtually full access to a victim's computer. They could view and exfiltrate documents, activate the computer's camera and microphone, and even steal credentials [passwords].
The spyware affected over 100 people across ten different reported countries. These countries included the United Kingdom, Israel, Spain, Lebanon, Iran, Singapore, Turkey, Palestine, Armenia, and Yemen. But why was the spyware targeted at activists? Well, within the eastern hemisphere, a lot of government entities don't support activism or rebellion against the government. In effect, many activists have received jail sentences of upwards of 8 years.
Attacks like this are unfortunate: governments purchase spyware to infiltrate the lives of the civilians they are supposed to serve. If you wish to become safer online and avoid being exploited, please be sure to subscribe to our newsletter, where you will be notified of new article uploads. CosmodiumCS will soon be releasing a course on best practices for online safety and privacy. Those subscribed to the newsletter or YouTube channel will be notified of its release. Thanks for reading, and as always,
© 2021 by Cosmodium CyberSecurity LLC