Technology made by Israeli cyberattack company Candiru was used to hack news sites in the Middle East and United Kingdom, in order to gain access to their users, the cybersecurity firm ESET reported.
According to the Vice news report of ESET’s research, the hack began in March 2020 and continued through last August. It targeted about 20 websites, including Middle East Eye, a Britain-based news website that focuses on the Middle East and Africa. Their coverage is critical of Middle Eastern regimes and access to the site has been blocked in the past by Saudi Arabia, Egypt and the United Arab Emirates.
Government websites from Iran, Syria and Yemen were also hit in the cyberattack.
The websites, however, were not the final target. According to ESET, the hackers used what is called a watering hole attack to gain access to the websites' visitors.
- Advanced Spyware From Israel's Candiru Discovered on Russian, Palestinian Computers
- Mobile Spytech & Millions in Gulf Deals: Secret Israeli Cyberattack Firm Revealed
- NSO Blacklisting: Global Reckoning Begins for Spyware's Tools of Repression
In this particular hack, the report said, only specific users were targeted, but it is still unknown who these targets were and who was behind the cyberattack. ESET believes that the tools used to infiltrate these websites were made by the Israeli firm Candiru, as the command and control servers used in the attack were found to belong to the company.
Candiru, in addition to Israeli NSO Group, was blacklisted earlier this month by the United States for activities contrary to U.S. national security or foreign policy interests. Candiru is a younger company, specializes in hacking computers.