Israeli spyware firm targeted Mideast journalists – report

Research from a cybersecurity company indicates that Candiru hacked journalists throughout the Middle East.

By Lauren Marcus, World Israel News

An Israeli spyware company has reportedly leveraged a now-fixed vulnerability in the Google Chrome internet browser to target Middle Eastern journalists and gain access to their data and the contents of their devices.

Tel Aviv-based Candiru, also known as SAITO Tech, uses proprietary technology to engage in cyberespionage. As recently as 2021, Candiru was officially sanctioned alongside another Israeli spyware firm, the NSO Group, by the U.S. Department of Commerce.

Candiru was blacklisted “based on a determination that they developed and supplied spyware to foreign governments that used this tool to maliciously target government officials, journalists, businesspeople, activists, academics, and embassy workers,” according to a statement on the Department of Commerce’s website.

But despite the public rebuke, Candiru appears to have continued its activities, reportedly acting as a hacking-for-hire firm on behalf of various governments.

Cybersecurity company Avast released a report last week that it said linked Candiru to a number of cyber-spying incidents targeting journalists throughout the Middle East.

The alleged victims of the hacking were located in Lebanon, Turkey, and Yemen, as well as in Palestinian Authority-controlled cities.

“We can’t say for sure what the attackers might have been after, however often the reason why attackers go after journalists is to spy on them and the stories they’re working on directly, or to get to their sources and gather compromising information and sensitive data they shared with the press,” said Jan Vojtěšek, a researcher at Avast, in a statement on the company’s website.

“We believe the attacks were highly targeted.”

According to a TechCrunch report, Candiru successfully retrieved some 50 data points from a victim’s browser, including its time zone, language, device type, screen information, device memory, and browser plugins.

It’s unclear who or what entities obtained Candiru’s services for the spying attacks.