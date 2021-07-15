Journalists and activists were targeted by a spyware campaign, according to researchers.

Researchers revealed Thursday that a malware campaign utilizing technologies from a clandestine Israeli corporation was used to target and mimic dozens of human rights activists, journalists, dissidents, politicians, and others.

Powerful “cyberweapons” were being deployed in precision attacks targeting more than 100 individuals throughout the world, according to Microsoft security experts and the Citizen Lab at the University of Toronto.

Microsoft announced this week that it had addressed the vulnerability exploited by the gang known as Candiru and Sourgum.

“Candiru is a covert Israel-based firm that provides spyware solely to governments,” Citizen Lab wrote in a blog post, adding that states can use it to “infect and monitor iPhones, Androids, Macs, PCs, and cloud accounts.”

“We discovered multiple domains impersonating advocacy organizations like Amnesty International, the Black Lives Matter movement, media corporations, and other civil-society related entities,” Citizen Lab added.

At least 100 victims have been reported by Microsoft in the Palestinian territories, Israel, Iran, Lebanon, Yemen, Spain, the United Kingdom, Turkey, Armenia, and Singapore.

The US tech giant said it used Windows software updates to counter the attacks, which prevent Candiru from deploying its virus.

According to a Microsoft release, “Microsoft has created and embedded defenses into our products against this particular infection, which we are dubbing DevilsTongue.”

“We’ve shared these safeguards with the security community so that we can address and mitigate this danger as a group.”

According to Microsoft, DevilsTongue was able to enter popular websites such as Facebook, Twitter, Gmail, Yahoo, and others to collect information, read conversations, and retrieve photographs from victims.

“DevilsTongue can also send messages on some of these websites as the victim, giving the impression to any recipient that the victim wrote these messages,” according to a Microsoft Threat Intelligence Center statement.

“The capacity to send messages might be used to spread dangerous links to a larger number of people.”

Researchers from Citizen Lab discovered evidence that the spyware may steal personal information from a variety of apps and accounts, including Gmail, Skype, Telegram, and Facebook.

According to the research, it can also gather browsing history and passwords, as well as turn on the target’s webcam and microphone.

The Israeli corporation’s current name is Saito Tech Ltd, according to Citizen Lab, and it shares some of the same investors and leaders as NSO Group, another Israeli firm under investigation for monitoring software.