Microsoft said that, together with Citizen Lab, it has found and stopped a hacking tool made by an Israel-based company and used to spy on politicians and journalists. Microsoft said it has disrupted the use of cyberweapons manufactured and sold by a group it calls Sourgum, which it suspects is an Israel-based private sector company called Candiru.
“The weapons disabled were being used in precision attacks targeting more than 100 victims around the world including politicians, human rights activists, journalists, academics, embassy workers and political dissidents.”
Microsoft said it has cooperated with Citizen Lab at Toronto’s Munk School to stop Sourgum attacks.
Microsoft said it built protections against the unique malware Sourgum created and shared those protections with the security community. It has also issued a software update that will protect Windows customers from exploits Sourgum was using to help deliver its malware.
“Sourgum generally sells cyberweapons that enable its customers, often government agencies around the world, to hack into their targets’ computers, phones, network infrastructure and internet-connected devices. These agencies then choose who to target and run the actual operations themselves”, Microsoft said in a blog post.
The work started after receiving a tip from Citizen Lab about malware used by Sourgum that Microsoft has called DevilsTongue.
“By examining how Sourgum’s customers were delivering DevilsTongue to victim computers, we saw they were doing so through a chain of exploits that impacted popular browsers and our Windows operating system.”
Microsoft said the attacks have largely targeted consumer accounts, indicating Sourgum’s customers were pursuing particular individuals.
“The protections we issued this week will prevent Sourgum’s tools from working on computers that are already infected and prevent new infections on updated computers and those running Microsoft Defender Antivirus as well as those using Microsoft Defender for Endpoint.”