Russian APT29 hackers use iOS, Chrome exploits created by spyware vendors

August 29, 2024 at 09:05AM

Between November 2023 and July 2024, the Russian state-sponsored APT29 group, also known as “Midnight Blizzard,” used iOS and Android exploits in cyberattacks on Mongolian government websites. Google’s Threat Analysis Group identified the group’s use of n-day flaws, which remain effective on devices that have not been updated. APT29’s exploits overlapped with those of commercial spyware vendors.

Key takeaways:

– The Russian state-sponsored APT29 hacking group has been observed using iOS and Android exploits created by commercial spyware vendors in cyberattacks between November 2023 and July 2024.
– The n-day flaws used by APT29 have already been patched, but they remain effective on devices that have not been updated.
– APT29, also known as “Midnight Blizzard”, targeted multiple websites of the Mongolian government and employed “watering hole” tactics.
– APT29 has a long history of exploiting zero-day and n-day vulnerabilities, targeting government officials in Eastern Europe and the Mongolian government.
– APT29 leveraged exploits for CVE-2024-5274 and CVE-2024-4671 in July 2024 to attack Android users, aiming to steal cookies, passwords, and other sensitive data stored in the victims’ Chrome browser.
– It is unclear how APT29 obtained the exploits; possibilities include hacking the spyware vendors, recruiting rogue insiders, or collaborating with them directly or via an intermediary. However, each of these individual scenarios seems implausible.
