Candiru was established in Israel in 2014. The CEO of the company and owner of the largest stock share is Isak Zak, one of the founding financiers of the Israeli NSO group that also works in the field of selling spyware to governments. The company is characterized by strict secrecy, as its employees sign strict secrecy agreements. It keeps its operations, infrastructure, and the identities of its employees hidden. It also hides behind different company names. This helped Candiru to stay away from the lights for several years. Candiru is commissioned to work with the Intelligence 8200 Unit of the IDF. It also sells its product to governments exclusively. It provides them with spyware targeting computers, mobile phones, and cloud services. The company produces a complete intelligence system that works as an advanced platform dedicated to penetrating computers, smartphones, and networks by exploiting security breaches in these systems. By using this platform, it is possible to penetrate targeted devices, extract data and information, and determine the networks the target connects to including the Internet, social networks, and email services. Leaked documents revealed that the cost of acquiring the company’s services and products ranges between 17 to 30 million Euros, in addition to the cost of an annually renewed subscription. A Citizen Lab investigation has revealed that Candiru’s software is used for targeting individuals living out of the countries that purchased it, as individuals were targeted in Palestine, Iran, Lebanon, Yemen, Spain, the UK, and Turkey. The software was used for targeting human rights defenders, opposition, journalists, activists, and politicians according to a report by Microsoft about the company.
Country of Origin
Israel
Company’s Branches
None
Partner Companies
Works with governments
Software and Equipment
Sherlock
Type of Attack
zero day attack, Man in Middle Attack
Targeted Software
Skype, Outlook, Telegram, Facebook
Functions
Targeting specific users
Targeted OS
Windows, Android , iOS
Countries
Qatar, Saudi Arabia, UAE
Technical Specifications of Software and Equipment
Candiru uses several tricks to plant spyware on the targeted device, either by a vicious link that automatically downloads malware, a Microsoft Office document that includes malware, or the Man in the Middle attack that depends on intercepting the penetrated device’s data. The company also uses spyware called Sherlock to target Windows, iPhone, and Android devices. After penetrating the targeted device, the software can read the content of many applications like Skype, Outlook, Telegram, and Facebook. The software can also control the microphone and the camera of the penetrated device, identify the geographic location and record passwords. The software can extract data from smartphones like records and destinations of communications in addition to recording calls.
