As shared by the Microsoft Security Intelligence Twitter account, the Microsoft Threat Intelligence Center (MSTIC) has uncovered a new danger facing denizens of the web: SOURGUM and DevilsTongue.
SOURGUM is MSTIC’s name for the Israeli-based private-sector offensive actor it’s uncovered. SOURGUM’s malware has been going after people worldwide, including human rights activists, journalists, politicians, and academics. Microsoft has issued protections against the malware strains, including a Windows software update. MSTIC’s report states that if Windows users have the July 2021 security update, they are protected.
Of the more than 100 victims Microsoft has identified, about half were located in the Palestinian Authority. To give context to this finding and to SOURGUM’s activity, Microsoft explains what a private-sector offensive actor actually does.
“Private-sector offensive actors are private companies that manufacture and sell cyberweapons in hacking-as-a-service packages, often to government agencies around the world, to hack into their targets’ computers, phones, network infrastructure, and other devices,” MSTIC’s report says. “With these hacking packages, usually the government agencies choose the targets and run the actual operations themselves.”
Given that SOURGUM has been defined as Israeli-based by MSTIC and half the known targets of its malware are Palestine-based, there may be a political link of some sort, which is hinted at by the report.
For an in-depth breakdown of SOURGUM’s malware, head over to Microsoft’s security blog, where MSTIC analyzes DevilsTongue in great detail. Anyone who isn’t a security enthusiast and doesn’t want to read about PDB paths and encrypted strings can simply follow the latest news from Microsoft and make sure the July updates are installed, since DevilsTongue still hasn’t been completely analyzed and understood.