Russian government hackers used spyware exploits made by NSO and Intellexa

Google has reported that Russian government hackers, specifically the group APT29 linked to the SVR, are utilizing exploits that closely resemble those developed by spyware companies NSO Group and Intellexa. The exploits were discovered embedded in Mongolian government websites, potentially compromising the data of visitors using iPhones and Android devices through a "watering hole" attack. This method allowed attackers to steal user account cookies from Safari and Chrome browsers, targeting Mongolian government employees. Google noted that the exploits took advantage of vulnerabilities that had been patched, indicating that unpatched devices remained at risk. The exact means by which the Russian hackers obtained these exploits is unclear, but Google suggests they may have purchased or stolen them. NSO Group has denied selling its products to Russia, asserting that its technologies are only sold to vetted U.S. and allied agencies. Google emphasized the importance of keeping software updated to mitigate such cyber threats, noting that users with high-security features enabled were not affected by the attacks.

- Russian hackers are using exploits similar to those from NSO Group and Intellexa.

- The attacks targeted Mongolian government websites, affecting users of iPhones and Android devices.

- Exploits took advantage of previously patched vulnerabilities, highlighting risks for unpatched devices.

- NSO Group denies selling products to Russia, claiming its technologies are for vetted agencies only.

- Google advises users to keep software updated to prevent cyberattacks.