Microsoft accused a company that acts as a hacker group and is based in Israel of marketing tools that made it possible to exploit vulnerabilities in the company’s operating system, Windows. The complaint was made in partnership with the human rights group Citizen Labs.
The group involved in the case is Candiru, which would have created and sold a platform capable of promoting remote cyber attacks and carrying out surveillance in various spheres – the form of use and espionage varies according to the buyer.
Customers from all over the world would have acquired the tool from forums and various political and social organizations would have been targeted for its use. Regions such as Iran, Lebanon, Spain and the United Kingdom were the most affected.
Microsoft only recently discovered the vulnerability and covered the hole with a security update. Google, which was another victim of tools from the same company from the Google Chrome browser, has also fixed issues exploited by similar software.
In both cases, the companies did not refer directly to the Candiru group, but cited a “commercial surveillance company” that also operates under the code name Sourgum.