Candiru (spyware company)

Candiru (Saito Tech Ltd.)
Formerly: Candiru Ltd (2014)
Company type: Private
Industry: Surveillance technology, Cyber espionage
Founded: 2014
Founders: Eran Shorer, Yaakov Weizman
Headquarters: Israel
Key people: Isaac Zack (Chairman), Eitan Achlow (CEO)
Products: Sherlock (software exploit), DevilsTongue (spyware)
Owner: Isaac Zach, Eran Shorer, Yaakov Weizman

Candiru is a private Tel Aviv-based company, founded in 2014, that provides spyware and cyber-espionage services to government clients. Its management and investors overlap significantly with those of NSO Group. Its operations began being uncovered in 2019 by researchers at Citizen Lab, Kaspersky, and ESET, among others. Microsoft refers to the company's cyber-espionage operations as "Caramel Tsunami/SOURGUM", while Kaspersky refers to them as "SandCat".

Their products exploit zero-day vulnerabilities in a variety of operating systems and web browsers to deploy a persistent spyware implant (dubbed "DevilsTongue" by Microsoft) that remotely controls the victim's device. Their products are also reportedly capable of compromising Mac, Android, and iPhone devices. Victims are often socially engineered into visiting malicious websites, which install the spyware via a chain of exploits. Their business model is similar to that of a managed service provider for cyber-espionage, providing exploits, tools, and infrastructure for government clients.

It has a minimal public presence, requiring employees to sign non-disclosure agreements and follow strict operational security practices to conceal their source of employment. Its corporate name has changed multiple times from 2014 to 2020.

Like many Israeli technology companies, it recruits heavily from Unit 8200, which handles signals intelligence and cyberwarfare for the Israeli military. Its name and logo reference the candiru, a parasitic fish that has the (likely apocryphal) ability to implant itself in the human urethra.