"Israeli spyware maker behind new attack on journalists, cybersecurity firm says" 21 July 2022

Security researchers have linked the discovery of an actively exploited, but since-fixed, zero-day vulnerability in Google Chrome to an Israeli spyware maker known to target journalists in the Middle East.

Avast Threat Labs, a global cybersecurity company, attributed the attacks to the Tel Aviv-based spyware vendor commonly known as Candiru...

Candiru was sanctioned in November 2021 by the US Commerce Department for engaging in activities contrary to US national security.

Avast detected the latest Candiru attack in March using an updated toolset that aimed to target individuals in Turkey, Yemen and Palestine - as well as journalists in Lebanon where Candiru compromised a website used by employees of an unnamed news agency.

“We can’t say for sure what the attackers might have been after, however often the reason why attackers go after journalists is to spy on them and the stories they’re working on directly, or to get to their sources and gather compromising information and sensitive data they shared with the press,” Avast said in a statement.

The company is currently registered in Tel Aviv under the name, Saito Tech.

Middle East Eye reached out to a Candiru executive last year following the revelations by online security firm ESET and was told that the company and its products don’t hack websites.

“The product of the company [Candiru] is purposed to help law enforcement agencies to fight terror and crime, at a time all unlawful activities are encrypted, hiding from the law.”

"The company is selling its products to government agencies only, after receiving all needed licences from the Israeli MOD [Ministry of Defence] export control...