Powerful Spyware Exploits Enable a New String of 'Watering Hole' Attacks
Suspected Russian hackers linked to APT29 Cozy Bear executed "watering hole" attacks on Mongolian government websites, targeting unpatched devices with exploits similar to commercial spyware, highlighting ongoing cybersecurity risks.
Suspected Russian hackers, linked to the APT29 Cozy Bear group, have executed a series of "watering hole" attacks by compromising Mongolian government websites. These attacks used sophisticated spyware exploits similar to those developed by commercial vendors such as NSO Group and Intellexa. Between November 2023 and July 2024, the hackers targeted devices that had not been updated with security patches for vulnerabilities in Apple's iOS and Google's Android. The exploits were either identical or strikingly similar to those previously offered by these commercial surveillance vendors. Google’s Threat Analysis Group (TAG) noted that while the exact method by which the attackers acquired these exploits remains unclear, the reuse highlights a concerning trend of commercial spyware tools being repurposed by state-backed actors. The hackers demonstrated a high level of technical proficiency, indicating they are well-resourced. The use of n-day exploits—previously zero-day vulnerabilities that have since been patched—remains a significant threat, particularly for users with outdated devices. The findings underscore the ongoing risks posed by sophisticated cyber threats and the potential for mass targeting through compromised websites.
- Russian hackers are using advanced spyware exploits in recent attacks.
- The attacks targeted unpatched devices through compromised government websites.
- Exploits used were similar to those from commercial spyware vendors.
- The trend shows state-backed actors repurposing commercial hacking tools.
- N-day exploitation remains a significant cybersecurity threat.
Related
Hackers breach ISP to poison software updates with malware
A Chinese hacking group, StormBamboo, breached an ISP to inject malware into software updates, exploiting insecure mechanisms. They redirected requests to install malware on victims' devices, including a malicious Chrome extension.
Mac and Windows users infected by software updates delivered over hacked ISP
Hackers compromised an ISP to deliver malware to Windows and Mac users via software updates, affecting multiple applications. Users are advised to avoid insecure updates and use secure DNS protocols.
China-linked cyber-spies infect Russian govt, IT sector
Chinese cyber-spies compromised Russian government and IT systems using malware, including GrewApacha and CloudSorcerer, through phishing emails and cloud services, indicating collaboration among state-sponsored hacking groups.
New 0-Day Attacks Linked to China's 'Volt Typhoon'
Malicious hackers linked to China's Volt Typhoon group are exploiting a zero-day vulnerability in Versa Director, urging customers to update systems to prevent potential disruptions to critical U.S. infrastructure.
Russian government hackers used spyware exploits made by NSO and Intellexa
Russian hackers are exploiting vulnerabilities similar to those from NSO Group, targeting Mongolian government websites and affecting iPhone and Android users. Google urges software updates to mitigate risks.