Monday, May 26, 2025
LBNN
  • Business
  • Markets
  • Politics
  • Crypto
  • Finance
  • Energy
  • Technology
  • Taxes
  • Creator Economy
  • Wealth Management
  • Documentaries
No Result
View All Result
LBNN

Powerful Spyware Exploits Enable a New String of ‘Watering Hole’ Attacks

Simon Osuji by Simon Osuji
August 29, 2024
in Artificial Intelligence
0
Powerful Spyware Exploits Enable a New String of ‘Watering Hole’ Attacks
0
SHARES
0
VIEWS
Share on FacebookShare on Twitter


In recent years, elite commercial spyware vendors like Intellexa and NSO Group have developed an array of powerful hacking tools that exploit rare and unpatched “zero-day” software vulnerabilities to compromise victim devices. And increasingly, governments around the world have emerged as the prime customers for these tools, compromising the smartphones of opposition leaders, journalists, activists, lawyers, and others. On Thursday, though, Google’s Threat Analysis Group is publishing findings about a series of recent hacking campaigns—seemingly carried out by Russia’s notorious APT29 Cozy Bear gang—that incorporate exploits very similar to ones developed by Intellexa and NSO Group into ongoing espionage activity.

Between November 2023 and July 2024, the attackers compromised Mongolian government websites and used the access to conduct “watering hole” attacks, in which anyone with a vulnerable device who loads a compromised website gets hacked. The attackers set up the malicious infrastructure to use exploits that “were identical or strikingly similar to exploits previously used by commercial surveillance vendors Intellexa and NSO Group,” Google’s TAG wrote on Thursday. The researchers say they “assess with moderate confidence” that the campaigns were carried out by APT29.

These spyware-esque hacking tools exploited vulnerabilities in Apple’s iOS and Google’s Android that had largely already been patched. Originally, they were deployed by the spyware vendors as unpatched, zero-day exploits, but in this iteration, the suspected Russian hackers were using them to target devices that hadn’t been updated with these fixes.

“While we are uncertain how suspected APT29 actors acquired these exploits, our research underscores the extent to which exploits first developed by the commercial surveillance industry are proliferated to dangerous threat actors,” the TAG researchers wrote. “Moreover, watering hole attacks remain a threat where sophisticated exploits can be utilized to target those that visit sites regularly, including on mobile devices. Watering holes can still be an effective avenue for … mass targeting a population that might still run unpatched browsers.”

It is possible that the hackers purchased and adapted the spyware exploits or that they stole them or acquired them through a leak. It is also possible that the hackers were inspired by commercial exploits and reverse engineered them by examining infected victim devices.

“NSO does not sell its products to Russia,” Gil Lainer, NSO Groups vice president for global communications, told WIRED in a statement. “Our technologies are sold exclusively to vetted US & Israel-allied intelligence and law enforcement agencies. Our systems and technologies are highly secure and are continuously monitored to detect and neutralize external threats.”

Between November 2023 and February 2024, the hackers used an iOS and Safari exploit that was technically identical to an offering that Intellexa had first debuted a couple of months earlier as an unpatched zero-day in September 2023. In July 2024, the hackers also used a Chrome exploit adapted from an NSO Group tool that first appeared in May 2024. This latter hacking tool was used in combination with an exploit that had strong similarities to one Intellexa debuted back in September 2021.

When attackers exploit vulnerabilities that have already been patched, the activity is known as “n-day exploitation,” because the vulnerability still exists and can be abused in unpatched devices as time passes. The suspected Russian hackers incorporated the commercial spyware adjacent tools, but constructed their overall campaigns—including malware delivery and activity on compromised devices—differently than the typical commercial spyware customer would. This indicates a level of fluency and technical proficiency characteristic of an established and well-resourced state-backed hacking group.

“In each iteration of the watering hole campaigns, the attackers used exploits that were identical or strikingly similar to exploits from [commercial surveillance vendors], Intellexa and NSO Group,” TAG wrote. “We do not know how the attackers acquired these exploits. What is clear is that APT actors are using n-day exploits that were originally used as 0-days by CSVs.”

Updated at 2pm ET, August 29, 2024: Added comment from NSO Group.



Source link

Related posts

The Quest to Prove the Existence of a New Type of Quantum Particle

The Quest to Prove the Existence of a New Type of Quantum Particle

May 25, 2025
22 Best Memorial Day Mattress and Bedding Sales (2025)

22 Best Memorial Day Mattress and Bedding Sales (2025)

May 25, 2025
Previous Post

Top 2 Coins That May Give Major Returns In September

Next Post

Minister Motshekga told the SAAF is critical to national security

Next Post
Minister Motshekga told the SAAF is critical to national security

Minister Motshekga told the SAAF is critical to national security

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

RECOMMENDED NEWS

Top 10 African countries with the highest fuel prices in November 2024

Top 10 African countries with the highest fuel prices in November 2024

6 months ago
Thanks to AI, the last new Beatles song, ‘Now And Then,’ will be released next week

Thanks to AI, the last new Beatles song, ‘Now And Then,’ will be released next week

2 years ago
CLG Workshop Offers Insight into Congo’s Legal Framework

CLG Workshop Offers Insight into Congo’s Legal Framework

2 months ago
Teledyne FLIR Unveils Cerberus XL Counter-Drone System at AUSA 2024

Teledyne FLIR Unveils Cerberus XL Counter-Drone System at AUSA 2024

7 months ago

POPULAR NEWS

  • Ghana to build three oil refineries, five petrochemical plants in energy sector overhaul

    Ghana to build three oil refineries, five petrochemical plants in energy sector overhaul

    0 shares
    Share 0 Tweet 0
  • When Will SHIB Reach $1? Here’s What ChatGPT Says

    0 shares
    Share 0 Tweet 0
  • Matthew Slater, son of Jackson State great, happy to see HBCUs back at the forefront

    0 shares
    Share 0 Tweet 0
  • Dolly Varden Focuses on Adding Ounces the Remainder of 2023

    0 shares
    Share 0 Tweet 0
  • US Dollar Might Fall To 96-97 Range in March 2024

    0 shares
    Share 0 Tweet 0
  • Privacy Policy
  • Contact

© 2023 LBNN - All rights reserved.

No Result
View All Result
  • Home
  • Business
  • Politics
  • Markets
  • Crypto
  • Economics
    • Manufacturing
    • Real Estate
    • Infrastructure
  • Finance
  • Energy
  • Creator Economy
  • Wealth Management
  • Taxes
  • Telecoms
  • Military & Defense
  • Careers
  • Technology
  • Artificial Intelligence
  • Investigative journalism
  • Art & Culture
  • Documentaries
  • Quizzes
    • Enneagram quiz
  • Newsletters
    • LBNN Newsletter
    • Divergent Capitalist

© 2023 LBNN - All rights reserved.