Russian Hackers Exploit Mobile Browser Vulnerabilities

In a world-first, a Russian state-sponsored hacking group has used software vulnerability exploits “identical or strikingly similar” to ones previously used by NSO Group and Intellexa, two significant makers of spyware. This involves Russian hackers exploiting critical vulnerabilities in widely used web browsers, including Apple's Safari and Google's Chrome.

Cyber security researchers have identified multiple campaigns that used now-patched flaws in Safari and Chrome browsers to infect mobile users with information-stealing malware. 

In a new report, Google's Threat Analysis Group (TAG) describes two watering hole attacks targeting Mongolian government websites between November 2023 and July 2024.

The intrusion has been attributed to a Russian state-backed threat actor codenamed APT29, with parallels observed between the exploits used in the campaigns and those previously linked to commercial surveillance vendors (CSVs) Intellexa and NSO Group, indicating exploit reuse.

The vulnerabilities that TAG has identified include:

  • CVE-2023-41993: A WebKit flaw that could result in arbitrary code execution when processing specially crafted web content (fixed by Apple in iOS 16.7 and Safari 16.6.1 in September 2023)
  • CVE-2024-4671: A use-after-free flaw in Chrome's Visuals component that could result in arbitrary code execution (fixed by Google in Chrome version 124.0.6367.201/.202 for Windows and macOS, and version 124.0.6367.201 for Linux in May 2024)
  • CVE-2024-5274: A type confusion flaw in the V8 JavaScript and WebAssembly engine that could result in arbitrary code execution (fixed by Google in Chrome version 125.0.6422.112/.113 for Windows and macOS, and version 125.0.6422.112 for Linux in May 2024)

These campaigns are thought to have involved the compromise of the Mongolian government websites to deliver an exploit for CVE-2023-41993 by means of a malicious iframe component pointing to an actor-controlled domain.
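For site owners, the iframe delivery described above suggests a simple integrity check: list every frame in the served HTML whose source is not the site itself or an approved host. The sketch below is an added example, not code from TAG or from the original article; the allowlist, the host names (all under reserved example domains) and the sample page are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: third-party hosts this site is expected to frame.
ALLOWED_FRAME_HOSTS = {"maps.example.org"}

class FrameAudit(HTMLParser):
    """Collect every <iframe>/<frame> whose source is outside the allowlist."""

    def __init__(self, page_host, allowed_hosts):
        super().__init__()
        self.page_host = page_host.lower()
        self.allowed = {h.lower() for h in allowed_hosts} | {self.page_host}
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in ("iframe", "frame"):
            return
        a = {k: (v or "") for k, v in attrs}
        src = a.get("src", "").strip()
        parts = urlsplit(src)
        # Relative URLs have no host and resolve to the page's own host.
        host = (parts.hostname or self.page_host).lower()
        style = a.get("style", "").replace(" ", "").lower()
        # Frames a visitor cannot see deserve priority during triage.
        hidden = ("hidden" in a
                  or a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
                  or "display:none" in style or "visibility:hidden" in style)
        inline = "srcdoc" in a or parts.scheme in ("data", "javascript")
        if host not in self.allowed or inline:
            self.findings.append({"src": src, "host": host,
                                  "hidden": hidden, "line": self.getpos()[0]})

def audit_page(html, page_host, allowed_hosts=ALLOWED_FRAME_HOSTS):
    parser = FrameAudit(page_host, allowed_hosts)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page: two expected frames and one unexpected hidden one.
SAMPLE = """<html><body>
<h1>Ministry news</h1>
<iframe src="/widgets/calendar.html" width="300" height="200"></iframe>
<iframe src="https://maps.example.org/embed?id=7"></iframe>
<iframe src="https://track.cdn-assets.example.net/s.html" width="0" height="0" style="display: none"></iframe>
</body></html>"""

if __name__ == "__main__":
    for f in audit_page(SAMPLE, "www.example.gov"):
        print(f)
```

This inspects served HTML only; frames inserted by script at runtime need the same check run against the rendered DOM.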

The TAG team notified Apple, Alphabet’s Android and Google Chrome along with the Mongolian computer emergency response team (CERT) about the campaigns at the time of discovery.

TAG | Hacker News | Mail | Infosecurity Magazine | Medium | Android Police | Cyber Express | US State Dept.

Image: PrompterMalaya
