Active infrastructure for Candiru spyware linked to Hungary, Saudi Arabia

Researchers have uncovered new infrastructure used by Candiru’s DevilsTongue spyware, highlighting active clusters in Hungary, Saudi Arabia, and Indonesia. The report discusses the spyware’s deployment methods and mentions the recent acquisition of Candiru’s assets by Integrity Partners, raising concerns about potential continued threats.

Key points

  • Candiru’s DevilsTongue spyware operates through multiple infrastructure clusters, with several still active.
  • The malware can be delivered via spearphishing, watering hole attacks, and physical access.
  • Some infrastructure layers utilize the Tor network to facilitate dark web operations.
  • A new entity, Integrity Labs Ltd., was identified in Candiru’s network around its acquisition by Integrity Partners.
  • The spyware targeted political groups, such as Spain’s Catalan independence campaign, indicating a focus on espionage.

Read More: https://therecord.media/candiru-spyware-active-infrastructure-hungary-saudi-arabia