Caramel Tsunami is a threat actor that specializes in spyware attacks. They have recently resurfaced with an updated toolset and zero-day exploits, targeting specific victims through watering hole attacks. Candiru has been observed exploiting vulnerabilities in popular browsers like Google Chrome and using third-party signed drivers to gain access to the Windows kernel. They have also been linked to other spyware vendors and have been associated with extensive abuses of their surveillance tools.
| Date | Source | Title | Tags |
| --- | --- | --- | --- |
| 2022-08-10 | Avast Decoded | Avast Q2/2022 Threat Report: Farewell to Conti, Zloader, and Maldocs; Hello Resurrection of Raccoon Stealer, and more Ransomware Attacks | Conti, Raccoon, RecordBreaker, Zloader, Caramel Tsunami |
| 2022-07-21 | Avast Decoded | The Return of Candiru: Zero-days in the Middle East | Caramel Tsunami |
| 2022-04-18 | CitizenLab | CatalanGate Extensive Mercenary Spyware Operation against Catalans Using Pegasus and Candiru | Chrysaor, Caramel Tsunami |
| 2021-12-16 | CitizenLab | Pegasus vs. Predator: Dissident's Doubly-Infected iPhone Reveals Cytrox Mercenary Spyware | Chrysaor, Caramel Tsunami |
| 2021-11-16 | ESET Research | Strategic web compromises in the Middle East with a pinch of Candiru | Caramel Tsunami, Karkadann |
| 2021-07-15 | Microsoft | Protecting customers from a private-sector offensive actor using 0-day exploits and DevilsTongue malware | DevilsTongue, Caramel Tsunami |