Google has uncovered evidence that Russian government hackers, linked to the APT29 group, are using exploits closely resembling those developed by the commercial spyware vendors Intellexa and NSO Group. The finding shows how tooling built for the commercial surveillance market can end up in the hands of state-backed threat actors.
Google's Threat Analysis Group (TAG) reported that the exploits were served from compromised Mongolian government websites, a classic watering-hole setup, between November 2023 and July 2024. Visitors using iPhones or Android devices were at risk of having their browser session data stolen. The attacks leveraged vulnerabilities in WebKit, the engine behind Safari and every other browser on iOS, and in Google Chrome on Android. All of the flaws were "n-days": already fixed by Apple and Google at the time of the attacks, but still effective against any device that had not been updated.
The campaign primarily aimed to steal browser cookies, which could then be replayed to access Mongolian government accounts. Stolen session cookies are valuable precisely because they let an attacker into an account without knowing the password and without triggering a fresh multi-factor prompt. The discovery also raises the question of how the Russian hackers acquired such exploits. Google said it does not know; purchase from a broker or theft from another operator are both possible, and the close match to the commercial exploit code argues against the group having developed them independently.
The incident underscores the importance of applying browser and operating-system updates promptly, and the ongoing threat posed by state-sponsored hacking groups. Google noted that iPhone users who had enabled Lockdown Mode were protected even when their devices were running vulnerable iOS versions. Lockdown Mode is opt-in and limits some web functionality, however, so for most users the practical defence is keeping devices patched, and for site owners and account providers it is short session lifetimes and the ability to revoke sessions when cookie theft is suspected.
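Because the exploits only worked against browsers that had not received an available fix, the first question a defender of an affected site or user population asks is which visitors were exposed. The script below is an added example, not code from Google TAG or from the article: it triages web-server access logs in the common Apache/nginx combined format, keeps only visits inside the reported campaign window, and flags iPhone (any browser, since all use WebKit) and Android Chrome clients whose version is below an assumed patch baseline. The log lines are constructed, and the `MIN_IOS` and `MIN_CHROME_ANDROID` thresholds are placeholders, not versions the article states; substitute the versions from the vendors' advisories.

```python
"""Exposure triage for an n-day browser watering-hole campaign.

Parses combined-format access logs and flags visits during the campaign window
from iOS devices or Android Chrome builds older than an ASSUMED patched version.
"""
import re
from datetime import datetime, timezone

# Campaign window reported by Google TAG (November 2023 to July 2024).
WINDOW_START = datetime(2023, 11, 1, tzinfo=timezone.utc)
WINDOW_END = datetime(2024, 7, 31, 23, 59, 59, tzinfo=timezone.utc)

# ASSUMPTION: illustrative patch baselines, not values from the article.
# Replace with the fixed versions named in Apple's and Google's advisories.
MIN_IOS = (16, 7)             # iOS at or above this is treated as patched
MIN_CHROME_ANDROID = (124, 0)  # Chrome for Android at or above this is treated as patched

# Apache/nginx "combined" log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$'
)
# Every browser on iOS is built on WebKit, so the iOS version alone decides exposure.
IOS_RE = re.compile(r'iPhone OS (\d+)_(\d+)(?:_(\d+))?')
CHROME_ANDROID_RE = re.compile(r'Android.*Chrome/(\d+)\.(\d+)')


def parse_line(line):
    """Return a dict with ip, ts (tz-aware datetime), req and ua, or None if malformed."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m['ts'], '%d/%b/%Y:%H:%M:%S %z')
    return {'ip': m['ip'], 'ts': ts, 'req': m['req'], 'ua': m['ua']}


def classify_ua(ua):
    """Return ('ios', version_tuple), ('chrome_android', version_tuple) or None."""
    m = IOS_RE.search(ua)
    if m:
        return 'ios', tuple(int(x) for x in m.groups() if x is not None)
    m = CHROME_ANDROID_RE.search(ua)
    if m:
        return 'chrome_android', (int(m[1]), int(m[2]))
    return None


def is_vulnerable(kind, version):
    """Tuple comparison: (16, 6, 1) < (16, 7) is True, (16, 7, 1) < (16, 7) is False."""
    if kind == 'ios':
        return version < MIN_IOS
    if kind == 'chrome_android':
        return version < MIN_CHROME_ANDROID
    return False


def triage(lines):
    """Return (ip, iso_timestamp, kind, version) for every exposed visit in the window."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or not (WINDOW_START <= rec['ts'] <= WINDOW_END):
            continue
        classified = classify_ua(rec['ua'])
        if classified is None:
            continue
        kind, ver = classified
        if is_vulnerable(kind, ver):
            hits.append((rec['ip'], rec['ts'].isoformat(), kind, '.'.join(map(str, ver))))
    return hits


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Jan/2024:09:15:22 +0000] "GET / HTTP/1.1" 200 5123 "-" '
    '"Mozilla/5.0 (iPhone; CPU iPhone OS 16_6_1 like Mac OS X) AppleWebKit/605.1.15 '
    '(KHTML, like Gecko) Version/16.6 Mobile/15E148 Safari/604.1"',
    '203.0.113.6 - - [10/Jan/2024:09:16:02 +0000] "GET / HTTP/1.1" 200 5123 "-" '
    '"Mozilla/5.0 (iPhone; CPU iPhone OS 17_5 like Mac OS X) AppleWebKit/605.1.15 '
    '(KHTML, like Gecko) Version/17.5 Mobile/15E148 Safari/604.1"',
    '198.51.100.7 - - [03/Mar/2024:12:00:00 +0000] "GET /news HTTP/1.1" 200 8810 "-" '
    '"Mozilla/5.0 (Linux; Android 13; Pixel 7) AppleWebKit/537.36 (KHTML, like Gecko) '
    'Chrome/122.0.6261.64 Mobile Safari/537.36"',
    '198.51.100.8 - - [03/Mar/2024:12:01:00 +0000] "GET /news HTTP/1.1" 200 8810 "-" '
    '"Mozilla/5.0 (Linux; Android 14; Pixel 8) AppleWebKit/537.36 (KHTML, like Gecko) '
    'Chrome/126.0.6478.50 Mobile Safari/537.36"',
    # Vulnerable build, but the visit predates the campaign window.
    '203.0.113.9 - - [20/Oct/2023:08:00:00 +0000] "GET / HTTP/1.1" 200 5123 "-" '
    '"Mozilla/5.0 (iPhone; CPU iPhone OS 16_6_1 like Mac OS X) AppleWebKit/605.1.15 '
    '(KHTML, like Gecko) Version/16.6 Mobile/15E148 Safari/604.1"',
    # Desktop client outside the campaign's targeting, and one malformed line.
    '192.0.2.4 - - [05/Feb/2024:10:00:00 +0000] "GET / HTTP/1.1" 200 5123 "-" '
    '"Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/121.0.0.0 Safari/537.36"',
    'garbage line that does not match the log format',
]


def run_example():
    return triage(SAMPLE_LOG)


if __name__ == '__main__':
    for hit in run_example():
        print(*hit)
```

Feed it the site's real access logs (for example `triage(open('access.log'))`) to get a list of client addresses and timestamps worth correlating with the exploit-serving pages; Chrome on iOS is deliberately treated as an iOS client rather than a Chrome one, because its rendering engine is WebKit and the iOS version is what determines exposure.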
Google's findings are a reminder that state-sponsored attackers do not need to burn a zero-day when a patched-but-unapplied fix will do, and that the window between a vendor's patch and a user's update is exactly what these campaigns target.