Earlier this year, researchers at the Russian cyber-security firm Kaspersky observed a cyber-espionage campaign targeting Microsoft Windows PCs at government and telecom entities in China and Pakistan. Kaspersky attributed the activity to a group it tracks as Bitter APT ("advanced persistent threat", the industry label for a well-resourced, usually state-backed intrusion operation whose sponsor is not publicly confirmed). The exploit code resembled code Kaspersky had previously seen and linked to a vendor it refers to by the cryptonym "Moses". According to the Russian firm, Moses is what the industry calls a "zero-day exploit broker". Such companies operate in a niche of the $130 billion cyber-security industry: they write software, an "exploit", that breaks into computers through unpatched vulnerabilities known as "zero-days", so called because the developer has had "zero days" to fix the flaw before it is used or disclosed, the article read.
Such exploits let the culprits abuse flaws in operating systems or applications to break into them. The article points to another recent case in which attackers got in through weaknesses in widely used software: the infamous 2020 supply-chain attack on SolarWinds, a $2.5 billion company whose system-management and network-monitoring tools were used by customers including Microsoft, Cisco, and the US government. Forbes reported that Moses is the American company Exodus Intelligence, and that the Bitter APT activity traces back to one of its customers, the Indian government. Exodus is an established cyber-security firm that has made quite a name for itself, with partnerships with US defense agencies such as DARPA and with technology companies such as Cisco and Fortinet.
"… its main product is akin to a Facebook news feed of software vulnerabilities, sans exploits, for up to $250,000 a year," the article read. It added, "It's marketed primarily as a tool for defenders, but customers can do what they want with the information on those Exodus zero-days, ones that typically cover the most popular operating systems, from Windows to Google's Android and Apple's iOS." Exodus CEO and co-founder Logan Brown said he believes India bought that feed and weaponized it: "India handpicked one of the Windows vulnerabilities from the feed, allowing deep access to Microsoft's operating system, and Indian government personnel or a contractor adapted it for malicious means." Since then, Exodus has barred India from buying any more zero-day research from the company, and has worked with Microsoft to fix the vulnerabilities.
Brown said that customers are not restricted in how they use Exodus's findings, adding, "You can use it offensively if you want, but not if you're going to be . . . shotgun blasting Pakistan and China. I don't want any part of that." Kaspersky has said that at least six vulnerabilities discovered by Exodus have leaked into the wild, and that DarkHotel, a hacking group linked to South Korea, has also been using Moses' zero-days. "We are pretty sure India leaked some of our research," Brown said. "We cut them off and haven't heard anything since then . . . so the assumption is that we were correct," the Forbes article read. Apart from India, only one other customer has ever gone rogue and been cut off, according to Brown. Forbes writer Thomas Brewster questioned why Brown's company, knowing its zero-days could be used offensively, chose to sell to India at all, a country recently accused of abusing spyware in the revelations about the global use of tools made by Israel's NSO Group, valued at $1 billion.
Earlier this year, an investigation by 17 media organizations revealed that India was among several countries that used the Israeli company's spyware in attempted and successful hacks of smartphones belonging to journalists, government officials, and human rights activists around the world. The Indian investigative news website The Wire reported that some 300 mobile phone numbers used in India, including those of government ministers, opposition politicians, journalists, scientists, and rights activists, appeared on the list. The numbers included those of more than 40 Indian journalists from major publications such as the Hindustan Times, The Hindu, and the Indian Express, as well as two founding editors of The Wire, it said. With such software in India's hands, the risk of further exploitation and hacks against critics of the Modi government and against rival governments will only grow, and that is worrying.