Israeli spyware firm’s tech allegedly used to hack Middle East Eye, Iran-linked sites

Illustrative: In this February 17, 2016 photo an iPhone lock-screen is seen. (AP /Carolyn Kaster, File)
Illustrative: In this February 17, 2016 photo an iPhone lock-screen is seen. (AP /Carolyn Kaster, File)

PARIS — Technology sold by Israeli spyware company Candiru appears to have been used for a campaign of cyberattacks targeting high-profile Middle Eastern websites, an analysis by cybersecurity firm Eset says today.

“We think it was a client of Candiru that carried out these attacks,” Eset investigator Matthieu Faou tells AFP.

Eset doesn’t name the client, but points to an investigation by researchers at the University of Toronto that suggested in June that Saudi Arabia may have used similar techniques.

Based in Tel Aviv, Candiru sells sophisticated spyware to governments.

It was blacklisted by the US government earlier this month.

The offensive revealed by Eset used what are known as “watering hole” attacks, which add malicious code to legitimate websites that the targeted user is likely to visit.

Once the person visits the site, the code can then be used to infect their computer — potentially to spy on them or inflict harm in other ways.

The websites targeted in this campaign included UK-based news site Middle East Eye as well as Yemeni media outlets like Almasirah linked to the Iran-backed Houthi rebels battling the Saudis, Eset says.

Another victim was, which Eset says was likely a dissident media outlet in Saudi Arabia.

Internet service providers in Yemen and Syria were also targeted along with the Iranian foreign ministry, Syria’s electricity ministry, and Yemen’s interior and finance ministries.

Other targets included sites run by the pro-Iranian terror group Hezbollah, Italian company Piaggio Aerospace and Denel, a state-owned South African aerospace and military technology conglomerate.

“The attackers also created a website mimicking a medical trade fair in Germany,” Eset notes in a press release, adding that the intrusions were recorded between July 2020 and August this year.

Never miss breaking news on Israel
Get notifications to stay updated
You're subscribed