Oh, great. Attacks developed by spyware vendors are being re-used by Russia’s Cozy Bear cretins

August 29, 2024 at 04:10PM

Google’s Threat Analysis Group detected similarities between the attack tactics used by the Russia-linked APT29 group and those of commercial spyware vendors. APT29, known for past cyber intrusions, utilized malware targeting vulnerabilities in mobile operating systems similar to those used by spyware vendors NSO Group and Intellexa. This underscores the danger posed by the proliferation of exploits from the commercial surveillance industry.

The key takeaways are:
– Google’s Threat Analysis Group (TAG) has identified similarities in attack tactics between commercial spyware vendors and Russia-linked attack groups.
– A watering hole attack attributed to the Russia-sponsored APT29 group targeted Mongolia’s Cabinet server and Ministry of Foreign Affairs.
– The TAG team noted similarities between the exploits used in the watering hole attack and those previously used by commercial spyware vendors such as NSO Group and Intellexa.
– Commercial spyware vendors like NSO Group and Intellexa are facing legal and regulatory scrutiny for their activities, with lawsuits and sanctions being imposed.
– The watering hole attack timeline spanned from November 2023 to recent months, with exploits targeting vulnerabilities in mobile operating systems like iOS and Android.

These takeaways highlight the increasing convergence of tactics between state-sponsored attack groups and commercial spyware vendors, as well as the ongoing regulatory and security challenges facing the surveillance industry.
