| SYMBOL | COMMON_NAME | aka. SYNONYMS |
Caramel Tsunami is a threat actor that specializes in spyware attacks. They have recently resurfaced with an updated toolset and zero-day exploits, targeting specific victims through watering hole attacks. Candiru has been observed exploiting vulnerabilities in popular browsers like Google Chrome and using third-party signed drivers to gain access to the Windows kernel. They have also been linked to other spyware vendors and have been associated with extensive abuses of their surveillance tools.
There are currently no families associated with this actor.
| 2022-08-10
⋅
Avast Decoded
⋅
Avast Q2/2022 Threat Report: Farewell to Conti, Zloader, and Maldocs; Hello Resurrection of Raccoon Stealer, and more Ransomware Attacks Conti Raccoon RecordBreaker Zloader Caramel Tsunami |
| 2022-07-21
⋅
Avast Decoded
⋅
The Return of Candiru: Zero-days in the Middle East Caramel Tsunami |
| 2022-04-18
⋅
CitizenLab
⋅
CatalanGate Extensive Mercenary Spyware Operation against Catalans Using Pegasus and Candiru Chrysaor Caramel Tsunami |
| 2021-12-16
⋅
CitizenLab
⋅
Pegasus vs. Predator: Dissident's Doubly-Infected iPhone Reveals Cytrox Mercenary Spyware Chrysaor Caramel Tsunami |
| 2021-11-16
⋅
ESET Research
⋅
Strategic web compromises in the Middle East with a pinch of Candiru Caramel Tsunami Karkadann |
| 2021-07-15
⋅
Microsoft
⋅
Protecting customers from a private-sector offensive actor using 0-day exploits and DevilsTongue malware Caramel Tsunami |