Satya Nadella, CEO of Microsoft
Microsoft said it believes an Israeli company was behind malware that was used to attack PCs running its Windows operating system.
The move represents a new step Microsoft is taking to reduce online security incidents. The company has also sought to identify government-backed hackers, such as the Chinese group it calls Hafnium, which it claims was behind attacks on its Exchange Server email software.
Microsoft refers to the organization that sold the software as Sourgum, although the University of Toronto’s Citizen Lab has identified the company as Candiru, Cristin Goodwin, general manager of Microsoft’s Digital Security Unit, wrote in a blog post.
The company said Sourgum sells its products to government agencies, which can then use them to compromise a range of devices. The malware, dubbed DevilsTongue, has been used to attack more than 100 victims, including activists, politicians, journalists and embassy workers, Goodwin wrote. Rather than going after large companies, attackers have mainly used DevilsTongue to infiltrate consumer accounts, she wrote.
The Citizen Lab and Microsoft found two security vulnerabilities that Candiru had exploited, and Microsoft issued updates to address them on Tuesday, Citizen Lab researchers said in their own blog post.
Windows 10, originally released in 2015, is the world’s most popular operating system, and the two patches are available for multiple Windows 10 versions, along with older versions and Windows Server releases.
While Microsoft needs to protect its users from attacks such as those mounted with Candiru malware, the company is also trying to build a meaningful business around security software. On Monday the company announced the acquisition of RiskIQ.