New evidence has been discovered proving that more spyware developed by an Israeli company had been used to target and hack computers belonging to critics of autocratic states in the Middle East.
In a report released by researchers from the Slovakian internet security firm, Eset, based in Montreal, the Israeli company, Candiru, was revealed to have links to cyber-attacks against websites in the United Kingdom and the Middle East.
Candiru, known as Israel’s “most mysterious cyberwarfare company,” is reported to carry out the attacks on computers rather than mobile phone devices, which the more well-known NSO Group’s Pegasus spyware focuses on.
According to the report, over the past few years, Candiru conducted “watering hole attacks,” in which the user of the spyware launches malware against websites which attract readers who are considered “targets of interest” by the spyware’s client.
The user is then able to identify details about the individuals who visit those websites, such as the browser or operating system that they use. Following that, the computers being targeted are sometimes able to be taken over by the malware, completely hacking the device which results in the compromised websites being labelled “jumping off sites.”
Websites which were targeted by the Candiru spyware include some affiliated with government ministries in Iran and Yemen, as well as the London-based news outlet, Middle East Eye. In a statement by David Hearst, the editor-in-chief of that outlet, he confirmed that “Substantial sums of money have been spent trying to take us out. This has not stopped us reporting what is going on in all corners of the region and I am confident that they will not stop us in future.”
According to the malware researcher, Matthieu Faou, who revealed the hacking campaigns, Eset set out to uncover the “watering holes” on well-known sites all the way back in 2018 when it developed its own custom anti-spyware system. In 2020, it discovered that an Iranian embassy website in the UAE’s capital, Abu Dhabi, had been infected with malware.
That then led to a broader investigation into the matter, saying that “Our curiosity was aroused by the high-profile nature of the targeted website, and in the following weeks we noticed that other websites with connections to the Middle East were also targeted.”
In January this year, the malware reportedly struck again before the targeted websites were “cleaned” of it late in summer, coinciding with the major report by the University of Toronto’s research group, Citizen Lab, in July. In that report, it was not only the exploits of the well-known Pegasus spyware which were revealed, but also those of Candiru which made “untraceable” spyware.
Both products, made by Israeli cyber firms, were sold to autocratic governments such as Saudi Arabia, the UAE, and others which used them to infect the devices of critics worldwide, with the purpose of spying on them and their activities.
Both the NSO Group and Candiru were earlier this month blacklisted by the United States, a staunch ally of Israel, due to the risks they pose to national security. British members of parliament have also urged the UK to follow suit.