Candiru Cyberespionage System

Infiltration tool

Operated in:

Armenia, Austria, Iran, Israel, Lebanon, Palestine, Slovenia, Yemen

Sold to:

Company:

Candiru’s cyberespionage tools can be used to infiltrate computers, servers, mobile devices, and cloud accounts. Its specialty appears to be infiltration of computers, particularly those running Windows OS. In recent years the company has begun developing tools against both iOS and Android devices. Some effort has also been spent on developing tools for attacking macOS. [1] Cellphone Hacking and Millions in Gulf Deals: Inner Workings of Top Secret Israeli Cyberattack Firm Revealed

Candiru offers its products and services to governmental law enforcement agencies and intelligence agencies to aid surveillance, data exfiltration, and offensive cyber operations. It deals with government clients only. The company states that it prohibits deployment of its products within the U.S., Israel, Russia, China, or Iran (though Microsoft identified Candiru targets in Israel and Iran). [2] Israeli spyware firm linked to fake Black Lives Matter and Amnesty websites – report; [3] Israel’s Candiru sold states spyware to hack journalists and dissidents

Candiru allegedly offers a range of target infiltration approaches, including infiltration through hyperlinks, man-in-the-middle attacks, weaponised files, physical attack, and a program called “Sherlock”. The company would reportedly also design new custom spyware in cases where none of the tools in its standard repertoire are successful in infiltrating the target. [4] Israeli spyware firm linked to fake Black Lives Matter and Amnesty websites – report

Usage by Israeli Forces

According to Citizen Lab, Candiru cyberespionage systems were being operated in Israel. [5] Hooking Candiru: Another Mercenary Spyware Vendor Comes into Focus