(Paris) Slovak cybersecurity firm ESET on Tuesday unveiled a campaign of targeted cyber-attacks linked to the very low-profile Israeli company Condy, which specializes in cyber-infiltration in the Middle East. On November 4, Candiru was blacklisted in the United States along with the NSO, the Israeli company responsible for spyware Pegasus.
“We believe Condyr’s client was behind the attacks,” Eset’s Sleet AFP explained to Matthew Fouke, who conducted the investigation, with the tools provided later.
Eset does not explicitly name this client, but represents Saudi Arabia.
The Citizen Lab, a specialized laboratory at the University of Toronto, claims that the hackers used the same type of domain names used in another campaign attributed to Saudi Arabia, according to the cybersecurity company.
“Water point” technique
The campaign highlighted by Eset was a “watering hole” type attack and was observed between July 2020 and August 2021.
This involves compromising the victims by trapping the specific legitimate websites that these individuals are likely to visit with malicious code.
In this particular case, the sites involved are media sites or Internet service providers, government sites or military aviation companies that link to Yemen and have conflicts there, Eset said.
British media, Middle East Eye, The Italian company Piaggio Aerospace, the official websites of the states of Iran, Syria and Yemen, and the pro-Iranian Hezbollah websites were affected.
The most targeted campaign
The attacker also created a fake version of the Medica Medical Fair site in Dసsseldorf, Germany, according to ESET.
Mr. According to Fow, this is not a mass campaign, but a campaign aimed at “too small” targeting too many people.
On November 4, the US Department of Commerce blacklisted Candiru and three other companies specializing in the sale of computer attack tools: the Israeli NSO, publisher of the infamous Spyware Pegasus, the Russian company Positive Technologies, and the Singapore Computer Security Initiative Consultancy.
This blacklist restricts trade with designated companies.