05 Aug, 2021

Cold Cyber War

Candiru Spyware Firm

According to a Microsoft report, the spyware firm Candiru, which cooperates with governments, has been found to have helped them spy on more than 100 victims worldwide, including politicians, dissidents, human rights activists, embassy workers and journalists.

According to the Microsoft Threat Intelligence Center (MSTIC) report, more than 750 websites linked to Candiru's spyware infrastructure have been identified. They reported that many of these domains masqueraded as advocacy organisations such as Amnesty International and the Black Lives Matter movement, as media companies, and as other non-governmental-themed organisations. As part of their investigation, at least 100 victims were identified in Palestine, Israel, Iran, Lebanon, Yemen, Spain, the United Kingdom, Turkey, Armenia and Singapore.

It has been reported that one of the domain names aimed at Türkiye is yeni-safak.com.

Who is Candiru?

Headquartered in Tel Aviv, Israel, "Candiru" is a company that markets untraceable spyware to government customers. Its product offerings include solutions for spying on computers, mobile devices and cloud accounts.

Candiru has been found to recruit mainly from Unit 8200, the Israeli Army's signals intelligence unit, and to sell attack tools for hacking computer systems.

The company's name appears nowhere in the lobby of the Tel Aviv building known to serve as its headquarters. Nor is there a website belonging to the company, because it does not have one.

It's no coincidence that the company takes its name from the candiru, an Amazon fish famous for invading and parasitizing the urinary tract of humans. The name fits a company that owns technology used to hack computers or smartphones and spy on their users.

The company is known to change its headquarters and name constantly for the sake of confidentiality. Its current name is recorded as Saito Tech Ltd.

Candiru's Spyware Offerings

A leaked Candiru project proposal published by TheMarker shows that Candiru's spyware can be installed using a number of different vectors, including malicious links, man-in-the-middle attacks, and physical attacks. A vector called "Sherlock" is also available, which they claim works on Windows, iOS, and Android. This has been found to be a browser-based zero-click vector.

Conclusion:

Over time, it has become clear that the paid spyware industry, with firms such as Candiru and NSO, has many players and is prone to widespread abuse. If this is not a cold cyber war, what is? Given that some of these firms are said to be state-sponsored, what are countries doing if not fighting each other with hackers typing code at keyboards instead of with guns and bombs? What kind of position should Turkish cyber security institutions create for themselves here? With that question in mind, institutions and their employees working in the field of cyber security should have a say in these areas and carry out work on protection, and even attack, in this cold cyber war.

Source:

citizenlab.ca

washingtonpost.com

blogs.microsoft.com

bankinfosecurity.com

ft.com
