Israeli spyware firm linked to watering hole attacks on Middle East, UK websites
The US placed Candiru on a trade blacklist earlier this month, along with fellow Israeli spyware firm NSO Group Researchers at ESET have spotted a new cyber campaign that saw Tel Aviv-based Candiru's spyware used to target websites and services in several Middle Eastern countries, including Saudi Arabia and Iran.
Candiru sells spyware to government agencies, much like NSO Group; and like NSO, the US placed it on trade backlists earlier this month, along with a Russian firm and a business in Singapore.
The new offensive uses 'watering hole' attacks, where attackers embed malicious code on genuine websites that are likely to be visited by the targets. Once someone lands on the website the code infects their machine, enabling attackers to spy on them or cause harm in various other ways. According to ESET, the websites targeted included London-based news website Middle East Eye, as well as Yemeni media outlets like Almasirah, which is linked to the Houthi rebels fighting the Saudis.