Forbes reported that a US company’s technology was misused by the Indian government, amid warnings about Americans contributing to an over-regulated spyware industry.
Researchers at Kaspersky, a Russian cybersecurity company, had observed a cyberespionage campaign against Microsoft Windows PCs in China and Pakistan earlier this year. It began in June 2020 and continued until April 2021. What piqued their interest was the hacking software used by the digital spies, whom Kaspersky calls "Bitter APT", a pseudonym for an unknown government agency. The code resembled what the Moscow-based antivirus provider had seen before and was attributed to a company it had given the cryptonym "Moses", the report stated.
Sometimes American companies are not the victims of digital espionage but its fuel. Forbes discovered that Moses is actually a Texas-based company called Exodus Intelligence, according to two sources with access to the Kaspersky research. The sources added that the customer behind Bitter APT was India.
Exodus is little known outside the intelligence and cybersecurity worlds, although Time magazine has covered the company during its ten-year history.
When asked by Five Eyes countries, an alliance of intelligence-sharing nations that includes the US, Canada, Australia and New Zealand, Exodus will provide both information about a zero-day vulnerability and the software needed to exploit it.
Its main product, however, is something like a Facebook newsfeed of software vulnerabilities. Although it is intended for defenders, customers can access Exodus's zero-day information, which typically covers all major operating systems, including Windows, Android and Apple's iOS.
Exodus CEO and co-founder Logan Brown said India purchased the feed and probably used it to weaponize a vulnerability. After an investigation, he told Forbes that he believed India selected one of the Windows vulnerabilities in the feed, which allowed deep access to Microsoft's operating system, and that Indian government personnel or contractors then modified it for malicious purposes.
According to Brown, India was banned in April from purchasing new zero-day research products from Exodus. The company has also worked with Microsoft on patching the vulnerabilities. Brown said the Indian use of Exodus's research was unacceptable, although Exodus does not limit customers' use of its findings. "You can use them offensively if you're going to be gunning down Pakistan and China," he said, adding that he did not want any of this, Forbes reported. (The Indian Embassy in London has yet to respond to requests for comment.)
Kaspersky also referred to a second vulnerability that Moses had identified, a flaw that allowed hackers to gain higher privileges on Windows computers. Although it was not linked to any specific espionage campaign, Brown confirmed that it was Exodus's. He also said that India or one of its contractors could have weaponized the vulnerability.
Brown is also investigating whether the code was leaked or abused by others. Kaspersky says Moses has made "at least six vulnerabilities" available to the public in the past two years, beyond the two zero-days already being abused.
Kaspersky also claims that another hacking team, DarkHotel, which it says was founded by South Korea, used Moses' zero-days.
Exodus does not have a South Korean customer. "We believe that India has leaked some of our research," Brown said, adding that they cut off the phone and have not heard from them since, "so it is likely that we were right."
Brown could have opted not to sell to India, knowing that zero-days can be used offensively, particularly in light of recent revelations about the tools Israel's NSO Group made for use around the world.