Microsoft on July 15 said that it believes an Israeli company was behind malware that was used to attack PCs running in Windows operating system. The move represents Microsoft’s new effort to reduce internet security issues. The company has also sought to identify government-backed hackers, such as the Chinese group it calls Hafnium, which it claims was behind attacks on its Exchange Server email software.
According to a blog post, Microsoft said that Sourgum sells products to government agencies, which can then kick off hacks on various devices. The malware, dubbed DevilsTongue, has been used to attack over 100 victims, including activists, politicians, journalists and embassy workers. The firm added that instead of going after large companies, attackers have mainly used DevilsTongue to infiltrate consumer accounts.
“By examining how Sourgum’s customers were delivering DevilsTongue to victim computers, we saw they were doing so through a chain of exploits that impacted popular browsers and our Windows operating system,” the blog post read.
It added, “These attacks have largely targeted consumer accounts, indicating Sourgum’s customers were pursuing particular individuals”.
Microsoft will continue to identify PSOAs
The company in question – Sourgum – is a PSOA, or private sector offensive actor, intending to sell “cyberweapons” to its clients to hack them. It is worth noting that even though Microsoft believes that Sourgum was behind the malware, the University of Tronto’s Citizen Lab has, however, identified the group as a company called Candiru. The Citizen Lab and Microsoft found two security vulnerabilities that Candiru had exploited, and Microsoft issued updates to address them on Tuesday.
Microsoft said that this is part of broader legal, technical and advocacy work that the firm is undertaking to address the dangers caused when PSOAs build and sell weapons. As previously said, these companies increase the risk that weapons fall into the wrong hands and threaten human rights. “As we increase our work to identify PSOAs and disrupt the capabilities of their weapons, we will continue to identify them using the names given to trees and shrubs, as we’ve done with Sourgum,” Microsoft added.