Candiru changed its name to Saito Tech ltd. We will refer to them as “Candiru” as they are most well known by that name.
Candiru was founded in 2014 by Eran Shorer and Yaakov Weizman and is based in Tel Aviv, Israel. The largest shareholder and chairman is Isaac Zach, who was also a founding funder of the NSO Group.Cellphone Hacking and Millions in Gulf Deals: Inner Workings of Top Secret Israeli Cyberattack Firm Revealed Israeli spyware firm linked to fake Black Lives Matter and Amnesty websites – report
Candiru offers cyber-attacks-as-a-service where people can sell and hire offensive cyber tools for hacking computer networks. Candiru is known to sell hacking technology for those who want to spy on phones and computers. Candiru offers its clients — international, mainly from Europe — a thorough and complete cybersystem that customers can use to see exactly how many targets have been penetrated by their hacks and what information has been obtained.WhatsApp’s security breach: Made in Israel, implemented worldwide
Candiru’s specialty, hacking Microsoft Windows for nation-state intelligence agencies, is one key revenue stream. And one of those Candiru customers is almost certainly Uzbekistan, according to Brian Bartholomew, a researcher at Russian cybersecurity company Kaspersky Lab. He claimed that a lapse in an Uzbekistan intelligence agency’s operational security allowed him to link multiple Windows vulnerabilities used in Uzbek attacks back to Candiru and two other customers: Saudi Arabia and the U.A.E.Meet Candiru — The Mysterious Mercenaries Hacking Apple And Microsoft PCs For Profit Human rights experts have now raised the alarm about Candiru’s customer base and the potential for abuse. Bartholomew and another source with knowledge of the attacks said he discovered Candiru surveillance software was used in previously reported hacks on Uzbek human rights activists and independent media.CitizenLab : Hooking Candiru Another Mercenary Spyware Vendor Comes into Focus
TheMarker Claims that NSO is also a customer of Candiru as it is often seen contacting the surreptitious firm for some espionage-related projects. Two industry sources said the main Candiru financial backer was Founders Group, cofounded by one of the three men who set up NSO, Omri Lavie.(Meet Candiru — The Mysterious Mercenaries Hacking Apple And Microsoft PCs For Profit))
According to information from court filings of a lawsuit filed against Candiru by a former senior employee the company’s 2018 revenues were worth about $20 million and the company has around 150 employees.Cellphone Hacking and Millions in Gulf Deals: Inner Workings of Top Secret Israeli Cyberattack Firm Revealed According to reporting from December 2019, Candiru’s market capitalisation was $90 million (based on the sale of a 10% stake in Candiru which was sold by venture capitalist Eli Wartman to Universal Motors for $9 million).Cellphone Hacking and Millions in Gulf Deals: Inner Workings of Top Secret Israeli Cyberattack Firm Revealed
Like other companies in Israel’s renowned cybersecurity industry, Candiru recruits heavily from the Israel Defense Forces 8200 intelligence unit.Top Secret Israeli Cyberattack Firm, Revealed
A document appended to the lawsuit suggests that the company was in negotiations with potential clients from over 60 countries with a total value of $367 million.Cellphone Hacking and Millions in Gulf Deals: Inner Workings of Top Secret Israeli Cyberattack Firm Revealed
The New York Times reported in 2021 that Israel has continued to allow and even encourage cyber-surveillance companies to secretly work with Saudi Arabia, despite recurring reports that Israeli tech was being used to clamp down on dissent and target opposition figures, including possible ties to the killing of dissident journalist Jamal Khashoggi. According to the report, one of the firms given permission by the Defense Ministry to work with Saudi Arabia was Candiru.Report: Israel pushed spyware firms to work with Saudis despite Khashoggi murder
In July 2021 Microsoft said it issued a software update to block spy tools developed by the firm that were allegedly used to snoop on over 100 people worldwide, including dissidents, activists and journalists. Microsoft said people targeted in “precision attacks” by the spyware were located in the Palestinian territories, Israel, Iran, Lebanon, Yemen, Spain, the United Kingdom, Turkey, Armenia and Singapore. Citizen Lab said Candiru’s spyware infrastructure included websites “masquerading as advocacy organizations” such as Amnesty International and Black Lives Matter.Citizenlab : Hooking Candiru Another Mercenary Spyware Vendor Comes into Focus
Candiru, in addition to Israeli NSO Group, was in November 2021 by the United States for activities contrary to U.S. national security or foreign policy interests.Israel’s Candiru Hacking Tools Used Against Middle East and U.K. Sites, Report Says
In November 2021 the cibersecurity firm ESET reported that technology made by Candiru was used to hack news sites in the Middle East and United Kingdom, in order to gain access to their users. According to the research, the hack began in March 2020 and continued through August 2021. It targeted about 20 websites, including Middle East Eye, a Britain-based news website that focuses on the Middle East and Africa. The websites, however, were not the final target. According to ESET, the hackers used what is called a watering hole attack to gain access to the websites’ visitors.Israel’s Candiru Hacking Tools Used Against Middle East and U.K. Sites, Report Says
TechInquiry published in 2022 documentation of the US Federal Lobbying Communications, where it is shown that Candiru signed five lobbying registrations with a total income of $140,000.Techinquiry : Candiru – US Federal Lobbying Communications
In 2023 it was reported that Candiru has been targeting people in Lebanon, Turkey, Yemen and Palestine since March 2022. with a new toolset that includes zero-day exploits specifically designed for Google Chrome. In Lebanon, it was reported, journalists were targeted by Candiru.New Candiru attack targets journalists in the Middle East
Acquisitions / Subsidiaries / Fundings
Candiru makes efforts to keep its operations, infrastructure, and staff identities opaque to public scrutiny.
Several investment funds ties to Qatar Investment Authority.
Candiru has at least one subsidiary – Sokoto, which was incorporated in March 2020.CitizenLab : Hooking Candiru Another Mercenary Spyware Vendor Comes into Focus
A number of independent investors appear to have funded Candiru’s operations over the years. As of Candiru’s notice of allotment of shares filed in February 2021 with the Israeli Corporations Authority, Zack, Shorer, and Weitzman are still the largest shareholders. Three organizations are the next largest shareholders: Universal Motors Israel ltd.(Israel), ESOP Management and Trust Services (Israel), and Optas Industry Ltd.(Malta).CitizenLab : Hooking Candiru Another Mercenary Spyware Vendor Comes into Focus
In addition to the involvement of Zack, Candiru shares other points of commonality with NSO Group, including representation by the same law firm and utilization of the same employee equity and trust administration services company.CitizenLab : Hooking Candiru Another Mercenary Spyware Vendor Comes into Focus
Usage by Israeli Forces
According to Citizenlab Candiru Cybersystems were being operated in Israel.CitizenLab : Hooking Candiru Another Mercenary Spyware Vendor Comes into Focus