Photo: JACK GUEZ / AFP / Getty Images
Cytrox, a North Macedonian cyber-surveillance company, sold information related to security flaws to government-sponsored hacker groups on Google that can put millions of users who use Chrome and Android at risk.
From Google they indicated that Cytrox customers used this information in conjunction with a spyware program called Predator to carry out cyber attacks
to specific targets.
The company’s disclosures imply that Cytrox not only compiled and marketed Google’s vulnerabilities, but also they also designed a spy program to take advantage of them.
“We assess with high confidence that these exploits were packaged by a single commercial surveillance company, Cytrox, and sold to different goverment-backed actors. government that used them in at least the three attack campaigns”, Google announced through a publication on its official blog.
According to the technology giant, the hacker groups that acquired the information are currently operating in Egypt, Armenia, Greece, Madagascar, Ivory Coast, Serbia, Spain and Indonesia.
They pointed out that a new problem that is occurring in the field of commercial surveillance is the fact that the number of private actors is increasing, which, like Cytrox, are capable of carrying out this type of operation, which were previously limited to a small number of countries that had the necessary technology.
They highlighted that during the year 1200 received at least 9 Day 0 attacks that were the result of the sale of information related to security flaws in Google services.
They added that the Google Threat Analysis Team (TAG) is tracking currently to 30 companies that carry out activities similar to those developed by Cytrox, with different levels of sophistication. All this shows that there is a significant number of companies that have seen the sale of security flaws as a highly lucrative business opportunity.
“TAG is actively tracking over 30 vendors with varying levels of sophistication and public exposure selling exploits or surveillance capabilities to supported actors by different governments”, they indicated.
This may also interest you:
– FBI confirms purchase of Pegasus spyware, espionage program used against journalists, activists and politicians
– Cell phones of dozens of journalists and rights defenders in El Salvador are hacked
– Hackers impersonate WhatsApp to steal the information of thousands of people