Google says Russian hackers using iOS, Chrome flaws to steal users data – ET CISO

The Russian state-sponsored APT29 hacking group has been observed using the same iOS and Chrome on Android exploits created by commercial spyware vendors like NSO Group and Intellexa in a series of cyberattacks between November 2023 and July 2024.

“The campaigns first delivered an iOS WebKit exploit affecting iOS versions older than 16.6.1 and then later, a Chrome exploit chain against Android users running versions from m121 to m123,” said Google’s Threat Analysis Group (TAG).

Google’s TAG said the n-day flaws have already been patched but remain effective on devices that have not been updated.

Hackers are using watering hole tactics

Google says that APT29, also known as “Midnight Blizzard”, targeted multiple websites of the Mongolian government and employed “watering hole” tactics.

“We assess with moderate confidence the campaigns are linked to the Russian government-backed actor APT29. In each iteration of the watering hole campaigns, the attackers used exploits that were identical or strikingly similar to exploits previously used by commercial surveillance vendors (CSVs) Intellexa and NSO Group,” it said.

A watering hole is a type of cyberattack where a legitimate site is compromised with malicious code designed to deliver payloads to visitors that meet specific criteria.

Why these attacks are dangerous

Google’s threat analysts note that APT29 has a long history of exploiting zero-day and n-day vulnerabilities. The hackers leveraged an iOS WebKit flaw to steal browser cookies from iPhone users running iOS 16.6.1 and older.

TAG reports that this exploit was exactly the same as the one Intellexa used in September 2023, leveraging CVE-2023-41993 as a zero-day vulnerability at the time.

In a similar way, APT29 leveraged exploits on Google Chrome to attack Android users visiting compromised websites. The purpose was to steal cookies, passwords, and other sensitive data stored on the victims’ Chrome browser.

Since patches for these flaws are available, iPhone and Android users are advised to install updates as soon as they can to protect their privacy.

Published on Aug 31, 2024 at 02:45 AM IST
