Hackers infect news websites to spy on their visitors

An ESET security report notes that an Israeli firm collaborated in the hacking of a UK-based news website, using it to compromise visitors. According to experts, the Israeli company Candiru helped a state threat actor compromise the Middle East Eye online platform to use this website in a watering hole attack, allowing it to steal confidential information from users.

The company was recently blacklisted by the U.S. Department of Commerce, which argued that Candiru sells spying software to various threat actors, including nation states, that use these hacking tools to target activists, political opponents, businessmen and journalists.

Cybersecurity experts point out that Candiru operates with a low profile, as it doesn’t even have a public website or direct means of contact. This is a clear indication of the type of software developed by the company and the type of organizations interested in its services. This year, Candiru was linked to a hacking campaign against activists and journalists internationally.

Regarding the attack on Middle East Eye, a journalistic website specializing in the Middle East, experts mention that hackers were able to compromise the systems of some users, provided they met certain previously established characteristics. Matthieu Faou, a researcher at ESET, says Candiru helped the government of an unnamed country compromise some Middle East Eye-themed websites in order to gather information on Yemen.

A supposed spokesperson for the company appeared to state that Candiru does not carry out cyberattacks for its customers, and also denied having any control over how these customers use its products.

This is not the only Israeli company accused of similar practices. NSO Group is another popular intelligence, research and software development company accused of collaborating with malicious hackers and authoritarian governments to carry out complex espionage operations, mainly using the well-known Pegasus spyware.

Human rights activists have continually pointed out that these companies appear to be acting without restriction, taking advantage of loopholes and making millions of dollars in profits, putting at risk the privacy and physical integrity of social activists, political dissidents and private actors.