Main Product

Sold to:

Uzbekistan

Operating in:

Armenia

Austria

Hungary

Iran

Israel

Palestine

Slovenia

Candiru

Candiru offers cyber-attacks-as-a-service where people can sell and hire offensive cyber tools for hacking computer networks. Candiru is known to sell hacking technology for those who want to spy on phones and computers. Candiru offers its clients — international, mainly from Europe — a thorough and complete cybersystem that customers can use to see exactly how many targets have been penetrated by their hacks and what information has been obtained.[1]

Candiru’s specialty, hacking Microsoft Windows for nation-state intelligence agencies, is one key revenue stream. One of Candiru’s customers is almost certainly Uzbekistan, according to Brian Bartholomew, a researcher at Russian cybersecurity company Kaspersky Lab. He claimed that a lapse in an Uzbekistan intelligence agency’s operational security allowed him to link multiple Windows vulnerabilities used in Uzbek attacks back to Candiru and two other customers: Saudi Arabia and the U.A.E.[2] Human rights experts have now raised the alarm about Candiru’s customer base and the potential for abuse. Bartholomew and another source with knowledge of the attacks said he discovered Candiru surveillance software was used in previously reported hacks on Uzbek human rights activists and independent media.

TheMarker claims that NSO is also a customer of Candiru, as it is often seen contacting the surreptitious firm for some espionage-related projects. Two industry sources said the main Candiru financial backer was Founders Group, cofounded by one of the three men who set up NSO, Omri Lavie.[3]

Candiru is believed to employ 120 people and generate annual sales of $30 million, but that is only speculation by outsiders. If true, that would make it Israel’s second-largest offensive cyber company after NSO, not counting publicly traded Verint and general defense companies.[4] Like other companies in Israel’s renowned cybersecurity industry, Candiru recruits heavily from the Israel Defense Forces 8200 intelligence unit.[5]

The New York Times reported in 2021 that Israel has continued to allow and even encourage cyber-surveillance companies to secretly work with Saudi Arabia, despite recurring reports that Israeli tech was being used to clamp down on dissent and target opposition figures, including possible ties to the killing of dissident journalist Jamal Khashoggi. According to the report, one of the firms given permission by the Defense Ministry to work with Saudi Arabia was Candiru.[6]

In July 2021 Microsoft said it issued a software update to block spy tools developed by the firm that were allegedly used to snoop on over 100 people worldwide, including dissidents, activists and journalists. Microsoft said people targeted in “precision attacks” by the spyware were located in the Palestinian territories, Israel, Iran, Lebanon, Yemen, Spain, the United Kingdom, Turkey, Armenia and Singapore. Citizen Lab said Candiru’s spyware infrastructure included websites “masquerading as advocacy organizations” such as Amnesty International and Black Lives Matter.[7]

Usage by Israeli forces:

According to Citizen Lab, Candiru Cybersystems were being operated in Israel.[7]
