Israeli company malware attacked Windows operating system

Israeli company malware attacked Windows operating system 1
The move represents a new step Microsoft is taking to reduce online security incidents.

NEW YORK: An Israeli company was behind malware that was used to attack PCs running its Windows operating system, Microsoft said.

Microsoft Threat Intelligence Center (MSTIC) alongside the Microsoft Security Response Center (MSRC) has uncovered a private-sector offensive actor, or PSOA, called SOURGUM.

The company has also sought to identify government-backed hackers, such as the Chinese group it calls Hafnium, which it claims was behind attacks on its Exchange Server email software.

Microsoft calls the organization that sold the software Sourgum, although the University of Toronto’s Citizen Lab has said the company is Candiru, Cristin Goodwin, general manager of Microsoft’s Digital Security Unit, wrote in a blog post.

The company said Sourgum sells products to government agencies, which can then kick off hacks on various devices. The malware, dubbed DevilsTongue, has been used to attack over 100 victims, including activists, politicians, journalists and embassy workers, Goodwin wrote. Rather than go after large companies, attackers have mainly used DevilsTongue to infiltrate consumer accounts, she wrote.

The Citizen Lab and Microsoft found two security vulnerabilities that Candiru had exploited, and Microsoft issued updates to address them on Tuesday, Citizen Lab researchers said in their own blog post.

Windows 10, originally released in 2015, is the world’s most popular operating system, and the two patches are available for multiple Windows 10 versions, along with older versions and Windows Server releases.

While Microsoft needs to protect its users from attacks such as those mounted with Candiru malware, the company is also trying to build a meaningful business around security software. On Monday the company announced the acquisition of RiskIQ.

Private-sector offensive actors are private companies that manufacture and sell cyberweapons in hacking-as-a-service packages, often to government agencies around the world, to hack into their targets’ computers, phones, network infrastructure, and other devices.

With these hacking packages, usually the government agencies choose the targets and run the actual operations themselves.

The tools, tactics, and procedures used by these companies only adds to the complexity, scale, and sophistication of attacks. We take these threats seriously and have moved swiftly alongside our partners to build in the latest protections for our customers.

Add a Comment

Your email address will not be published. Required fields are marked *