A Forbes report published Thursday suggests that Israeli company Candiru might have sold “cyber weapons” to the government of Uzbekistan.
Citing “industry sources,” Forbes said the company is hacking both Microsoft Windows and Apple Macs for various nation-states.
Kaspersky researcher Brian Bartholomew told Forbes that a lapse in an Uzbekistan intelligence agency’s operational security allowed him to link multiple Windows vulnerabilities used in Uzbek attacks back to Candiru and two other customers – Saudi Arabia and the UAE. However, Bartholomew did not provide clear links between the leaked tools and the Israeli company.
According to Forbes, Uzbekistan had set up a test computer, exposed on the internet, that it used to test its hacking tools against various antivirus systems such as Kaspersky. Bartholomew’s team found that computer online and noted that it regularly connected to a single web address registered in Uzbekistan, whose registrant was the apparent leader of “Military Unit 02616.”
While little is known about that unit, Bartholomew discovered it was part of Uzbekistan’s surveillance agency, the National Security Service (NSS), the report said.
The NSS has a history of buying malware from foreign dealers, Forbes noted, as revealed in the leaked 2015 emails of Italian surveillance company Hacking Team.
The report also suggests a connection between Candiru and the NSO Group, with respect to the companies’ investors. According to “surveillance industry sources,” one of the lead investors is Founders Group managing partner Isaac Zack.
Forbes said it tried to contact Zack, as well as Candiru CEO Eitan Achlow, but had not received any response at the time of publication. An NSO spokesperson said, “NSO is not connected to Candiru.”