Skip links
Microsft stopping Israeli spyware

Microsoft stopping Israeli hacker tools used against politicians and journalists

Microsoft said it together with Citizens Lab has found and stopped a hacker tool made by an Israel-based company and used to spy on politicians and journalists. Microsoft said it has disrupted the use of cyberweapons manufactured and sold by a group called Sourgum that it suspects is an Israel-based private sector company called Candiru.

“The weapons disabled were being used in precision attacks targeting more than 100 victims around the world including politicians, human rights activists, journalists, academics, embassy workers and political dissidents.”

Microsoft said it has cooperated with the Citizen Labs at Toronto’s Munk School to stop Sourgum attacks.


Microsoft said it built protections against the unique malware Sourgum created and shared those protections with the security community. It has also issued a software update that will protect Windows customers from exploits Sourgum was using to help deliver its malware.

“Sourgum generally sells cyberweapons that enable its customers, often government agencies around the world, to hack into their targets’ computers, phones, network infrastructure and internet-connected devices. These agencies then choose who to target and run the actual operations themselves”, Microsoft said in a blog post.


The work started after receiving a tip from Citizen Lab about malware used by Sourgum that Microsoft has called DevilsTongue.

“By examining how Sourgum’s customers were delivering DevilsTongue to victim computers, we saw they were doing so through a chain of exploits that impacted popular browsers and our Windows operating system.”

Microsoft said the attacks have largely targeted consumer accounts, indicating Sourgum’s customers were pursuing particular individuals.

“The protections we issued this week will prevent Sourgum’s tools from working on computers that are already infected and prevent new infections on updated computers and those running Microsoft Defender Antivirus as well as those using Microsoft Defender for Endpoint.”

Moonshot News is an independent European news website for all IT, Media and Advertising professionals, powered by women and with a focus on driving the narrative for diversity, inclusion and gender equality in the industry.

Our mission is to provide top and unbiased information for all professionals and to make sure that women get their fair share of voice in the news and in the spotlight!

We produce original content, news articles, a curated calendar of industry events and a database of women IT, Media and Advertising associations.

    Do you want an experienced opinion on a job issue?
    Moonshot Manager is here to answer!

      Moonshot community sharing thoughts and ideas, in a anonymous, safe environment.