Israeli spyware developer Candiru may have made unauthorized changes to numerous websites



There is a cyber attack method called a 'watering hole attack', in which the attacker compromises and modifies a website that the target is likely to visit, so that the attack is triggered when the target accesses it. It has been reported that Israeli spyware developer Candiru may have used this type of watering hole attack to carry out a large-scale campaign.

Strategic web compromises in the Middle East with a pinch of Candiru | WeLiveSecurity
https://www.welivesecurity.com/2021/11/16/strategic-web-compromises-middle-east-pinch-candiru/



Hackers Compromised Middle East Eye News Website to Hack Visitors, Researchers Say
https://www.vice.com/en/article/pkpbdm/hackers-compromised-middle-east-eye-news-website-to-hack-visitors-researchers-say

Candiru is a company said to be made up of former members of Unit 8200, the intelligence unit of the Israel Defense Forces, and it has been suggested that it developed the 'Devils Tongue' malware, which exploits zero-day vulnerabilities in Windows. Following this allegation, Candiru was blacklisted by the US government in November 2021.

Microsoft announces that Israeli private company may have developed 'Devils Tongue' malware that exploits Windows zero-day vulnerabilities - GIGAZINE



This watering hole attack, which allegedly involves Candiru, was discovered as part of the ESET research team's watering hole attack detection work. According to the research team, about 20 websites related to the Middle East region, such as government agency websites of Iran, Syria and Yemen, the website of an Italian aerospace company, and a defense-related website owned by the South African government, were tampered with between March 2020 and August 2021. Because the C&C server contacted by the injected code matched a server Candiru had used in the past, the research team concluded that Candiru's tools were used in this series of watering hole attacks.

According to ESET's Matthieu Faou, it is unknown who was targeted by the attack because detailed data on the attack could not be obtained. Also, at the time of writing, the changes to the websites had been reverted, but it is unknown whether the website owners removed the malicious code or the hackers removed it to hide evidence of the attack.

One of the modified websites, the British news site Middle East Eye, published an article about the attack that was discovered, stating: 'We are looking into legal action against the parties who may have been involved in the attack. This attack could have serious consequences for the future of press freedom. At this time, we are confident that our ability to deliver original, high-quality coverage of the Middle East has not been compromised.'

Candiru: Israeli spyware, blacklisted by US, 'suspected' in attack on Middle East Eye | Middle East Eye
https://www.middleeasteye.net/news/candiru-israel-spyware-suspected-attack-middle-east-eye



On the other hand, Candiru members said of the watering hole attack discovered this time: 'We cannot know how clients are using Candiru's tools or who they are targeting. Candiru only sells its products to government agencies. Candiru and Candiru's products do not hack websites,' denying any involvement.

in Web Service, Security, Posted by log1o_hf