Multiple exploits were used to create highly targeted malware.
Microsoft revealed that two zero-day exploits were stopped from being sold to spy agencies and authoritarian governments worldwide by a series of security patches.
Candiru, an Israeli security company, is alleged to have sold the espionage tool. It was used to target journalists, journalists, human rights workers, and academics. As a result, there were at least 100 victims. Although 100 victims is a relatively small number compared to other security breaches or attacks major, the espionage tool is an advanced tool that can be used to target individuals.
This means that the victims of the zero-day exploits and this kit are likely to be high-profile people with valuable information about potentially seismic topics.
Microsoft and Citizen Lab team up to take down exploits
Microsoft has given the threat actor SOURGUM a name, noting that the Microsoft Security Team believes it to be an Israeli private sector firm selling cybersecurity tools worldwide to government agencies. Microsoft has been working with Citizen Lab at the University of Toronto’s network surveillance laboratory and human rights laboratory. They believe that the exploit kit and malware used by SOURGUM have “targeted over 100 victims across the globe.”
Citizen Lab’s investigation into the exploits specifically names Candiru as a “secretive Israel-based company that exclusively sells spyware to governments.” Candiru’s spyware “can infect, monitor, and even control iPhones, Androids and Macs, as well as PCs and cloud accounts.”
Microsoft Security observed victims in Palestine and Israel, Iran, Lebanon. Yemen, Spain. Turkey. Armenia. Many victims were operating in sensitive roles or organizations. Uzbekistan and Saudi Arabia & UAE, Singapore, and Qatar are reported, Candiru clients. Other reported sales include Europe, former Soviet Union countries, Asia, the Persian Gulf, Asia, and Latin America.
Security patches eliminate zero-day exploits.
Zero-day exploits are security vulnerabilities that attackers use to attack a site, service or another system. It is not known by security companies and tech companies and remains vulnerable and unpatched.
The Israeli company that allegedly developed the espionage tool used two zero-day vulnerabilities to access previously secured products. This malware variant was called DevilsTongue.
Although these attacks are alarming, they are often targeted and don’t usually affect regular users. Microsoft has also patched the Zero-Day Exploits used by DevilsTongue malware. This makes this variant of the virus useless. These patches were released in the July 2021 Patch Tuesday. It was live on July 6.