"We are pretty sure India leaked some of our research.
Beyond the two zero days already abused, according to Kaspersky, "at least six vulnerabilities" made by Moses have made it out "into the wild" in the last two years.Īlso according to Kaspersky, another hacking crew known as DarkHotel - believed by some cybersecurity researchers to be sponsored by South Korea - has used Moses' zero days.
It was not linked to any particular espionage campaign, but Brown confirmed that it was one of his company's, adding that it would "make sense" that India or one of its contractors had weaponised that vulnerability too, the report said.īrown is also exploring whether its code has been leaked or abused by others. The company also looked at a second vulnerability Kaspersky had attributed to Moses, another flaw that allowed a hacker to get higher privileges on a Windows computer. I don't want any part of that, (The Indian embassy in London hadn't responded to requests for comment)," Forbes reported. The Indian use of his company's research was beyond the pale, though Exodus doesn't limit what customers do with its findings, Brown said, adding, "You can use it offensively if you want, but not if you're going to be shotgun blasting Pakistan and China.
India was subsequently cut off from buying new zero-day research from his company in April, said Brown, and it has worked with Microsoft to patch the vulnerabilities. He told Forbes that after an investigation, he believes that India handpicked one of the Windows vulnerabilities from the feed-allowing deep access to Microsoft's operating system, and Indian government personnel or a contractor adapted it for malicious means. That feed is what India bought and likely weaponised, said Exodus CEO and co-founder Logan Brown.
It's marketed primarily as a tool for defenders, but customers can do what they want with the information on those Exodus zero days, ones that typically cover the most popular operating systems, from Windows to Google's Android and Apple's iOS.
Little known outside the cybersecurity and intelligence worlds, over the last ten years, Exodus has made a name for itself with a Time magazine cover story.Įxodus, when asked by Five Eyes countries (an alliance of intelligence-sharing countries that includes the US, the UK, Canada, Australia and New Zealand) or their allies, will provide both information on a zero-day vulnerability and the software required to exploit it.īut its main product is akin to a Facebook news feed of software vulnerabilities, sans exploits, for up to $250,000 a year. And Bitter APT, the Moses customer, is India, added one source. Moses' real identity, Forbes has learnt, is a company based in Austin, Texas, called Exodus Intelligence, according to two sources with knowledge of the Kaspersky research. Sometimes, American companies aren't the victims, but the ones fuelling costly digital espionage.
Aspects of the code looked like some of the Moscow antivirus providers had previously seen and attributed to a company it gave the cryptonym 'Moses', the report said. What piqued the researchers' interest was the hacking software used by the digital spies, whom Kaspersky had dubbed as 'Bitter APT', a pseudonym for an unspecified government agency.
They began in June 2020 and continued through till April 2021. New Delhi: A US companys tech was abused by the Indian government amid warnings that Americans are contributing to a spyware industry already under fire for being out of control, Forbes reported.Įarlier this year, researchers at the Russian cybersecurity firm Kaspersky had witnessed a cyberespionage campaign targeting Microsoft Windows PCs at government and telecom entities in China and Pakistan.