Russian Hackers Exploit Spyware Codes from NSO Group and Intellexa, Says Google

by | Aug 31, 2024

Google has uncovered evidence that Russian government hackers, identified as APT29, are using spyware exploits originally developed by NSO Group and Intellexa. These exploits, which had previously been patched, were found embedded on Mongolian government websites in a watering hole attack targeting iPhones and Android devices between November 2023 and July 2024.

APT29, also known as Cozy Bear, is a notorious hacking group linked to Russia’s Foreign Intelligence Service (SVR). The group is known for its sophisticated cyber-espionage campaigns aimed at major tech companies, foreign governments, and critical infrastructure. Google’s Threat Analysis Group (TAG) revealed that APT29 used these exploits to steal user data, including passwords and account cookies, through vulnerabilities in the Safari browser on iPhones and Google Chrome on Android devices.

The attack involved hidden exploit code on websites frequented by Mongolian government employees. The stolen cookies from these visits could then be used to access personal and work accounts. Google highlighted that although the vulnerabilities had been patched, the exploits remained effective on devices that had not been updated.

A key concern raised by Google is how the Russian hackers obtained the exploits. Google noted that the exploits used by APT29 were either “identical or strikingly similar” to those developed by NSO Group and Intellexa. The reuse of this code suggests that the Russian hackers may have acquired the exploits through purchase or theft. Google ruled out the possibility that the exploits were independently recreated, given the complexity and specificity of the code.

Google emphasized the importance of keeping software up to date to prevent such attacks, particularly on high-risk devices. iPhone and iPad users with the Lockdown Mode feature enabled were not affected by the attack, even if they were running vulnerable software versions. This incident underscores the ongoing global risks associated with spyware technology and its potential misuse by state actors.
