Windows Exploits and DevilsEye Spyware Linked to Israeli Company Candiru

Microsoft researchers say the Israeli company Candiru is linked to Windows exploits and the DevilsEye spyware. More than 100 victims have been identified, while 0-day vulnerabilities in browsers and Windows were used for infecting them.

The researchers say the Israeli company Candiru is behind the development of at least two exploits for zero-day vulnerabilities in Windows that have been used to attack targets and deploy the previously unknown DevilsEye spyware. This malware has affected politicians, human rights defenders, activists, journalists, embassies and political dissidents around the world.

It is known that Candiru (Microsoft uses the codename Sourgum for it) was founded in 2014. Although its job postings have long made it clear that the company works on cybersecurity matters, almost nothing was previously known about Candiru's activities. Now, thanks to reports from Microsoft and Citizen Lab, it is clear that the company's tools help its customers infect and take control of iPhone, Android, Mac and Windows PC devices, as well as cloud accounts.

"Candiru is a secret Israeli company that exclusively sells spyware to governments," Citizen Lab said.

Citizen Lab researchers first discovered the spyware while performing a network forensic examination of a device belonging to an unnamed owner. More than 100 victims have since been identified across a number of countries, including Spain and Turkey.

DevilsEye spreads by luring victims to malicious websites that host an exploit kit; the kit abuses various browser vulnerabilities to install the malware on the victims' devices.

Several vulnerabilities were exploited in these attacks: flaws in Chrome and Internet Explorer (including CVE-2021-33742), and two more in Windows (CVE-2021-31979 and CVE-2021-33771). The vendors have already patched all of these problems.

The first three vulnerabilities were already mentioned in a recent report from Google, which also linked attacks exploiting vulnerabilities in Chrome and IE to an unnamed "commercial surveillance company." Google said the bugs were sold to at least two groups of "government hackers" who used them to attack targets in Armenia. Google has now updated its report and also links the exploitation of these problems to the Israeli company Candiru.

DevilsTongue enables its operators to steal victims' files, decrypt and steal messages from Signal on Windows devices, and steal cookies and saved passwords from the Chrome, Internet Explorer, Firefox, Safari and Opera browsers.

DevilsTongue may also use cookies stored on the victim's computer for sites such as Facebook, Twitter, Gmail, Yahoo, Mail.ru, Odnoklassniki and Vkontakte to collect confidential information, read messages and extract photos. On some of the listed sites, the spyware can even send messages to other people on behalf of the victim. Some anti-spyware tools can prevent such behaviour, but stopping it requires additional effort.

Citizen Lab analysts say that Candiru's hack-for-hire capabilities far exceed what Google and Microsoft experts had predicted. According to Citizen Lab, more than 750 domains linked to Candiru's infrastructure have already been discovered, including large clusters in the UAE and Saudi Arabia, suggesting that these two countries are among the company's largest customers.

Some of these domains masqueraded as human rights organizations such as Amnesty International, the Black Lives Matter movement, and media companies, leading the experts to conclude that the attacks were mainly directed against activists.

Cristin Goodwin, Microsoft's head of digital security, says that companies like Candiru have been supplying cyber weapons to attackers for years, and that governments in many countries use these hacking tools against members of civil society rather than to track down criminals. Goodwin calls for a fight against such companies, whose products are actively used to violate human rights.

"A world in which private sector companies manufacture and sell cyber weapons is becoming more dangerous for consumers, businesses of all sizes, and even governments," Goodwin writes.

You can also read here that BIOPASS malware uses the OBS Studio streaming software to record victims' screens, and how to get rid of the fake system optimizer Spyware Terminator.

Helga Smith

I have been interested in computer science, and especially in data security and the subject now known as "data science", since my teenage years. Before joining the virus removal team as editor-in-chief, I worked as a cybersecurity specialist at several companies, including as a contractor for Amazon. Other experience: I have taught at Arden University and the University of Reading.
