Russian Hackers Exploit Mobile Browser Vulnerabilities

Uploaded on 2024-09-16 in NEWS-Cybersecurity News, INTELLIGENCE-Hot Spots-Russia, FREE TO VIEW, BUSINESS-Services-IT & Telecoms, TECHNOLOGY--Hackers

In a world-first, a Russian state-sponsored hacking group has used software vulnerability exploits “identical or strikingly similar” to ones previously used by NSO Group and Intellexa, two significant makers of  spyware. This  involves Russian hackers exploiting critical vulnerabilities in widely-used web browsers, including Apple's Safari and Google's Chrome.

Cyber security researchers have identified multiple campaigns that used now-patched flaws in Safari and Chrome browsers to infect mobile users with information-stealing malware. 

In a new report, Google's Threat Analysis Group (TAG) reports on two watering hole attacks targeting Mongolian government websites between November 2023 and July 2024. 

The intrusion has been attributed to a Russian state-backed threat actor codenamed APT29, with parallels observed between the exploits used in the campaigns and those previously linked to commercial surveillance vendors (CSVs) Intellexa and NSO Group, indicating exploit reuse.

The vulnerabilities at the TAG have identified include:  

  • CVE-2023-41993- A WebKit flaw that could result in arbitrary code execution when processing specially crafted web content (Fixed by Apple in iOS 16.7 and Safari 16.6.1 in September 2023) 
  • CVE-2024-4671- A use-after-free flaw in Chrome's Visuals component that could result in arbitrary code execution (Fixed by Google in Chrome version 124.0.6367.201/.202 for Windows and macOS, and version 124.0.6367.201 for Linux in May 2024)
  • CVE-2024-5274- A type confusion flaw in the V8 JavaScript and WebAssembly engine that could result in arbitrary code execution (Fixed by Google in Chrome version 125.0.6422.112/.113 for Windows and macOS, and version 125.0.6422.112 for Linux in May 2024)

Theses  campaigns are thought to have involved the compromises of the Mongolian government websites to deliver an exploit for CVE-2023-41993 by means of a malicious iframe component pointing to an actor-controlled domain.

The TAG team notified Apple, Alphabet’s Android and Google Chrome along with  the the Mongolian computer emergency response team (CERT) about the campaigns at the time of discovery.

TAG   |    Hacker News   |   Mail   |   Infosecurity Magazine   |   Medium   |   Android Police  |

Cyber Express   |   US State Dept.  |   

Image: PrompterMalaya

You Might Also Read: 

International Initiative To Control Commercial Spyware:

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 






 

« 2024 US Presidential Election: Nation State Cyber Threats
Mental Health Provider Has Exposed Patient Data »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

Get Cyber Safe

Get Cyber Safe

Get Cyber Safe is a national public awareness campaign created to educate Canadians about Internet security and the simple steps they can take to protect themselves online.

eScan AV

eScan AV

eScan develops Information Security solutions that provide protection against current and evolving cyber threats.

Acunetix

Acunetix

Acunetix is a leading web vulnerability scanner, widely acclaimed to include the most advanced SQL injection and XSS black box scanning technology.

Leviathan Security Group

Leviathan Security Group

Leviathan provides a broad set of information security services ranging from low-level technical engineering to strategic business consulting.

Morphisec

Morphisec

Morphisec's world leading prevention-first software stops ransomware and other advanced attacks from endpoint to the cloud.

A-SIT Secure Information Technology Center

A-SIT Secure Information Technology Center

A-SIT was founded in 1999 as a registered nonprofit association and is established as a competence center for IT-Security.

Verimatrix

Verimatrix

Verimatrix is a global provider of innovative cybersecurity solutions that protect content, devices, software and applications.

ActiveCyber

ActiveCyber

ActiveCyber is a source for news, reviews, learning, and technological innovation in the active cyber defense industry.

Secarma

Secarma

Secarma provides penetration testing, security assessments, consultancy, and training services to ensure your digital infrastructure is secure from cybersecurity threats.

Epati Information Technologies

Epati Information Technologies

ePati Information Technologies is a specialist in information technology and cyber security.

InfoSec Conferences

InfoSec Conferences

InfoSec Conferences is an online directory of infosec conferences. We list every single Information Security conference, event and seminar within every niche in Cybersecurity.

Next Peak

Next Peak

Next Peak provides cyber advisory and operational services based on deep business and national security experience, thought leadership, and a network of front-line defenders.

MillenniumIT ESP (MIT ESP)

MillenniumIT ESP (MIT ESP)

MillenniumIT ESP provides solutions and services around Core Infrastructure, Cloud, Cyber Security, Enterprise Applications, Intelligent Automation and Data, Smart Buildings, and Managed Services.

eCentre@LindenPointe

eCentre@LindenPointe

The eCenter@LindenPointe provides assistance to the development, management and promotion of STEM (Science, Technology, Engineering, Mathematics) related business ventures.

SydeLabs

SydeLabs

At SydeLabs, our mission is to ensure the comprehensive security of your AI systems.

Ebryx

Ebryx

At Ebryx, we are at the forefront of cybersecurity innovation, leveraging over a decade of expertise to protect and empower organizations worldwide.