Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
 |
2024-09-04 02:45:48 |
State-backed attackers and commercial surveillance vendors repeatedly use the same exploits (direct link) |
## Snapshot
Google's Threat Analysis Group (TAG) uncovered in-the-wild exploit campaigns targeting Mongolian government websites between November 2023 and July 2024. TAG attributes the attack to the Russian government-backed actor APT29, tracked by Microsoft as [Midnight Blizzard](https://sip.security.microsoft.com/intel-profiles/d825313b053efea45228ff1f4cb17c8b5433dcd2f86353e28be2d484ce874616). The attackers utilized exploits similar to those used by commercial surveillance vendors Intellexa and NSO Group.
## Description
These campaigns delivered n-day exploits for iOS and Chrome, affecting unpatched devices. The initial infection vector was a watering hole attack on compromised websites that delivered iOS WebKit and Chrome exploits.
The iOS campaigns delivered an exploit via [CVE-2023-41993](https://sip.security.microsoft.com/intel-explorer/cves/CVE-2023-41993/) targeting iPhone users running older versions. TAG's analysis revealed that the exploit is nearly identical to one used by commercial vendor Intellexa. This exploit loaded the same cookie stealer framework that TAG observed in March 2021, when a Russian state-backed attacker exploited [CVE-2021-1879](https://sip.security.microsoft.com/intel-explorer/cves/CVE-2021-1879/) to steal authentication cookies from major sites like LinkedIn, Gmail, and Facebook. Read more [here](https://sip.security.microsoft.com/intel-explorer/articles/4a4ab0bf) about Microsoft's coverage of Midnight Blizzard's malicious activity exploiting CVE-2021-1879.
TAG also discovered a Google Chrome exploit chain that aimed to steal credential cookies from Android users. Similar to the iOS campaigns, this attack began with initial access gained through a watering hole. This attack chain exploited [CVE-2024-5274](http://CVE-2024-5274) to compromise the renderer, an exploit that Chrome Security had previously discovered as an in-the-wild 0-day in May 2024 used by the commercial vendor NSO Group. Additionally, the attackers leveraged [CVE-2024-4671](https://sip.security.microsoft.com/intel-explorer/cves/CVE-2024-4671/) to break out of Chrome site isolation.
TAG is uncertain how suspected APT29 actors acquired the exploits used by commercial surveillance vendors.
### Additional Analysis
Commercial surveillance vendors, including Intellexa and the NSO Group, have been the subject of significant scrutiny and criticism. These companies develop and sell advanced spyware tools to governments and law enforcement agencies for surveillance purposes. However, their products have been linked to unauthorized surveillance activities and [human rights concerns](https://www.siliconrepublic.com/enterprise/amnesty-international-intellexa-ireland-predator-spyware "https://www.siliconrepublic.com/enterprise/amnesty-international-intellexa-ireland-predator-spyware"). The NSO Group, known for its [Pegasus spyware](https://thehill.com/policy/cybersecurity/4053311-khashoggi-widow-suing-israeli-firm-says-spyware-caused-her-to-constantly-be-looking-over-her-shoulder/ "https://thehill.com/policy/cybersecurity/4053311-khashoggi-widow-suing-israeli-firm-says-spyware-caused-her-to-constantly-be-looking-over-her-shoulder/"), has faced criticism for its involvement in illegal surveillance. Similarly, Intellexa has been implicated in scandals involving the use of its Predator spyware to monitor U.S. officials, journalists, and policy experts. Both companies have been [sanctioned](https://www.icij.org/investigations/cyprus-confidential/spyware-firm-intellexa-hit-with-us-sanctions-after-cyprus-confidential-expose/ "https://www.icij.org/investigations/cyprus-confidential/spyware-firm-intellexa-hit-with-us-sanctions-after-cyprus-confidential-expose/") for their roles in distributing spyware to authoritarian regimes.
## Recommendations
Strengthen operating environment configuration
- Keep operating systems and applications up to date. Apply security patches as soon as possible. Ensure that Google Chrome web browser is updated at version [128.0.6613.84](https://ch |
Malware
Tool
Vulnerability
Threat
Legislation
Mobile
Commercial
|
APT 29
|
★★
|
 |
2024-08-29 09:04:58 |
Russian APT29 hackers use iOS, Chrome exploits created by spyware vendors (direct link) |
The Russian state-sponsored APT29 hacking group has been observed using the same iOS and Android exploits created by commercial spyware vendors in a series of cyberattacks between November 2023 and July 2024. [...] |
Mobile
Commercial
|
APT 29
|
★★★
|