Skip to main content

Microsoft says Israeli company's malware used to hack dissidents, activists

Microsoft said around half of the victims were located in the Palestinian territories, and many of the remaining targets were based in the Middle East.
Munk School

Microsoft says it disrupted an Israeli private company’s unique malware that hackers in other countries used to spy on political dissidents and rights campaigners. 

After receiving a tip from researchers at Citizen Lab, a watchdog organization at the University of Toronto's Munk School of Global Affairs, Microsoft began investigating malware from a group it dubbed “Sourgum.” 

Sourgum’s malware appeared to use a chain of browser and Windows exploits, including zero-day exploits, the company said. The hackers sent the browser exploits to targets with single-use URLs on messaging applications such as WhatsApp. 

Citizen Lab has assessed with high confidence that the actor Microsoft is calling Sourgum is an Israeli company that goes by the name Candiru. According to the watchdog, Candiru sells spyware that can infect and monitor a range of devices and platforms, including Microsoft's Windows operating system.

Its customers are exclusively foreign governments, Citizen Lab said. Candiru has reportedly previously sold to government agencies in Uzbekistan, the United Arab Emirates and Saudi Arabia. 

Microsoft and Citizen Lab say the malware was used in “precision attacks” targeting more than 100 people worldwide, including politicians, human rights activists, journalists, academics, embassy workers and political dissidents. 

Roughly half of the victims identified were located in the Palestinian territories, with the remaining targets in Israel, Iran, Lebanon, Yemen, Spain’s Catalonia region, the United Kingdom, Turkey, Armenia and Singapore. 

Citizen Lab said it linked Candiru’s spyware infrastructure to sites “masquerading as advocacy organizations,” including Amnesty International and Black Lives Matter. The researchers also detected “lookalike domains” for the United Nations, the World Health Organization and other international organizations. 

“Some of the themes strongly suggest that the targeting likely concerned civil society and political activity,” Citizen Lab said in its report. 

In a blog post Thursday, Microsoft said it is working to address the dangers caused when cyberweapons “fall into the wrong hands and threaten human rights.” As part of that effort, Microsoft joined Facebook in support of its legal case against NSO Group, accusing the Israeli-based spyware developer in December of selling “dangerous” surveillance tools to foreign governments. 

“A world where private sector companies manufacture and sell cyberweapons is more dangerous for consumers, businesses of all sizes and governments,” Microsoft said. 

Join hundreds of Middle East professionals with Al-Monitor PRO.

Business and policy professionals use PRO to monitor the regional economy and improve their reports, memos and presentations. Try it for free and cancel anytime.

Free

The Middle East's Best Newsletters

Join over 50,000 readers who access our journalists dedicated newsletters, covering the top political, security, business and tech issues across the region each week.
Delivered straight to your inbox.

Free

What's included:
Our Expertise

Free newsletters available:

  • The Takeaway & Week in Review
  • Middle East Minute (AM)
  • Daily Briefing (PM)
  • Business & Tech Briefing
  • Security Briefing
  • Gulf Briefing
  • Israel Briefing
  • Palestine Briefing
  • Turkey Briefing
  • Iraq Briefing
Expert

Premium Membership

Join the Middle East's most notable experts for premium memos, trend reports, live video Q&A, and intimate in-person events, each detailing exclusive insights on business and geopolitical trends shaping the region.

$25.00 / month
billed annually

Become Member Start with 1-week free trial

We also offer team plans. Please send an email to pro.support@al-monitor.com and we'll onboard your team.

What's included:
Our Expertise AI-driven

Memos - premium analytical writing: actionable insights on markets and geopolitics.

Live Video Q&A - Hear from our top journalists and regional experts.

Special Events - Intimate in-person events with business & political VIPs.

Trend Reports - Deep dive analysis on market updates.

All premium Industry Newsletters - Monitor the Middle East's most important industries. Prioritize your target industries for weekly review:

  • Capital Markets & Private Equity
  • Venture Capital & Startups
  • Green Energy
  • Supply Chain
  • Sustainable Development
  • Leading Edge Technology
  • Oil & Gas
  • Real Estate & Construction
  • Banking

Start your PRO membership today.

Join the Middle East's top business and policy professionals to access exclusive PRO insights today.

Join Al-Monitor PRO Start with 1-week free trial