Microsoft uncovers, combats unique Israeli malware DevilsTongue

The Visitor’s Center at Microsoft Headquarters campus is pictured July 17, 2014 in Redmond, Washington.
The Visitor’s Center at Microsoft Headquarters campus is pictured July 17, 2014 in Redmond, Washington. (Image credit: Stephen Brashear/Getty Images for Microsoft)

What you need to know

  • The Microsoft Threat Intelligence Center (MSTIC) has uncovered a new threat.
  • The threat is DevilsTongue malware produced by an Israeli private-sector offensive actor.
  • The offensive actor has been dubbed SOURGUM.

As shared by the Microsoft Security Intelligence Twitter account, the Microsoft Threat Intelligence Center (MSTIC) has uncovered a new danger facing denizens of the web: SOURGUM and DevilsTongue.

SOURGUM is MSTIC's name for the Israeli-based private-sector offensive actor it's uncovered. SOURGUM's malware has been going after people worldwide, including human rights activists, journalists, politicians, and academics. Microsoft has issued protections against the malware strains, including a Windows software update. MSTIC's report states that if Windows users have the July 2021 security update, they are protected.

Of the over 100 victims Microsoft has identified, half were detected in Palestinian Authority. To give context to this finding and the actions of SOURGUM, Microsoft explains what the actor's private-sector game might be.

"Private-sector offensive actors are private companies that manufacture and sell cyberweapons in hacking-as-a-service packages, often to government agencies around the world, to hack into their targets' computers, phones, network infrastructure, and other devices," MSTIC's report (opens in new tab) says. "With these hacking packages, usually the government agencies choose the targets and run the actual operations themselves."

Given that SOURGUM has been defined as Israeli-based by MSTIC and half the known targets of its malware are Palestine-based, there may be a political link of some sort, which is hinted at by the report.

To get an in-depth breakdown of SOURGUM's malware, head over to Microsoft's security blog (opens in new tab) where MSTIC analyzes the ins and outs of DevilsTongue in great detail. Everyone who's not a security enthusiast and doesn't want to read about PDB paths and encrypted strings can simply follow along with the latest news from Microsoft and hope the July updates do their job, given that DevilsTongue still hasn't been completely analyzed and understood.

Robert Carnevale

Robert Carnevale is the News Editor for Windows Central. He's a big fan of Kinect (it lives on in his heart), Sonic the Hedgehog, and the legendary intersection of those two titans, Sonic Free Riders. He is the author of Cold War 2395. Have a useful tip? Send it to

1 Comment
  • The link is plain as sunlight and that's all i'm sayin.