Google Catches Russian APT Reusing Exploits From Spyware Merchants NSO Group, Intellexa

August 29, 2024 at 09:48AM

Google's Threat Analysis Group (TAG) has identified evidence of Russian state-backed hackers using iOS and Chrome exploits previously associated with the commercial spyware vendors NSO Group and Intellexa. The same group has been blamed for high-profile corporate hacks, including a breach at Microsoft. In the campaigns TAG describes, the hackers used exploits against iOS and Android devices that closely resemble the ones the surveillance software vendors had used.

Google's Threat Analysis Group has highlighted evidence that a Russian state-backed hacking group, known as APT29, Midnight Blizzard or NOBELIUM, reused exploits previously linked to the commercial spyware vendors NSO Group and Intellexa. This points to a possible transfer of tooling between state-backed actors and controversial surveillance software vendors. The exploits targeted iOS and Chrome; they were n-day exploits, meaning exploits for vulnerabilities that Apple and Google had already patched, so they were effective only against devices that had not yet applied the updates, and they shared similarities with exploits used by the spyware vendors. The same Russian group has been held responsible for high-profile corporate hacks, including a breach at Microsoft involving theft of source code and executive email spools. The researchers identified in-the-wild exploit campaigns, including a watering hole attack on Mongolian government websites, and documented the use of specific exploits against vulnerabilities in Apple's Safari and Google Chrome browsers.

Key takeaways:
– APT29, a Russian state-backed hacking group, has been observed reusing iOS and Chrome exploits linked to NSO Group and Intellexa, indicating possible collaboration or acquisition of tools between state-backed actors and controversial surveillance software vendors.
– The same group, also known as Midnight Blizzard or NOBELIUM, has been implicated in significant corporate hacks, including a breach at Microsoft.
– The exploits targeted iOS and Chrome; they were n-day exploits, effective only against devices that had not yet applied the vendors' patches, and they shared similarities with exploits used by the spyware vendors.
– Noteworthy in-the-wild exploit campaigns, including a watering hole attack on Mongolian government websites, were identified, along with specific exploits targeting vulnerabilities in Apple's Safari and Google Chrome browsers.
