Microsoft Corp. announced on Thursday that an Israeli group had sold a tool, which could hack into Microsoft Windows quite easily. The company brought this news to light in association with the tech human rights group, Citizen Lab, therefore bringing attention to the rising business of discovering and selling tools to hack the broadly used software.
According to the report issued by Citizen Lab, the hacking tool vendor, called Candiru, created and sold a software exploit that can infiltrate Windows, one of several intelligence products sold by a secretive business that detects flaws in well-known software platforms for their customers.
Moreover, a technical review by security researchers reports how Candiru’s hacking tool spread throughout the globe to numerous unnamed clients, where it was then used to target several civil society regulations, including a Saudi dissident group and a left-leaning Indonesian news outlet, as per the reports by Citizen Lab and Microsoft.
Proof of the exploit obtained by Microsoft suggested it was used against users in numerous nations, including Iran, Lebanon, Spain, and the United Kingdom.
Read more: Microsoft awards $30,000 to Indian ethical hacker, Aditi Singh, for spotting a bug in Azure System
“Candiru’s growing presence, and the use of its surveillance technology against global civil society, is a potent reminder that the mercenary spyware industry contains many players and is prone to widespread abuse,” Citizen Lab stated in its report.
Furthermore, the company fixed the detected flaws on Tuesday using a software update. Microsoft did not directly associate the exploits to Candiru, rather referring to it as an “Israel-based private sector offensive actor” under the codename Sourgum.
“Sourgum generally sells cyberweapons that enable its customers, often government agencies around the world, to hack into their targets’ computers, phones, network infrastructure, and Internet-connected devices,” Microsoft wrote in a blog post. “These agencies then choose who to target and run the actual operations themselves.”
Source: Reuters
