Microsoft Targets Sourgum Malware For Termination Following Cyberattacks On Politicians And Journalists

Yesterday, Microsoft's Cristin Goodwin, General Manager for the Digital Security Unit, reported on a cyberweapon being manufactured by a group called Sourgum. This weapon was initially found by the Citizen Lab, at the University of Toronto's Munk School, after being used to attack "more than 100 victims around the world including politicians, human rights activists, journalists, academics, embassy workers and political dissidents."
After some research, Microsoft believes that Sourgum is "an Israel-based private sector offensive actor or PSOA," which has since been identified as a company Candiru by the Citizen Lab. This company "generally sells cyberweapons that enable its customers, often government agencies around the world, to hack into their targets' computers, phones, network infrastructure and internet-connected devices," which is quite concerning for security reasons. As such, Microsoft has moved to analyze the Sourgum malware and protect people against it by publishing its research as well as pushing a Windows update to protect Windows customers.

This update will then prevent Sourgum's malware from working on already infected devices and prevent new infections for updated devices or devices that run Microsoft Defender. Thankfully, this is only one part of the equation as Microsoft undertakes "broader legal, technical and advocacy work" to address the issues of PSOAs building and selling cyberweapons globally. Hopefully, Microsoft will continue to go after companies, so stay tuned to HotHardware for updates on Microsoft's efforts.