Russian Hackers Exploit Mobile Browser Vulnerabilities

Uploaded on 2024-09-16 in NEWS-Cybersecurity News, INTELLIGENCE-Hot Spots-Russia, FREE TO VIEW, BUSINESS-Services-IT & Telecoms, TECHNOLOGY--Hackers

In a world-first, a Russian state-sponsored hacking group has used software vulnerability exploits “identical or strikingly similar” to ones previously used by NSO Group and Intellexa, two significant makers of  spyware. This  involves Russian hackers exploiting critical vulnerabilities in widely-used web browsers, including Apple's Safari and Google's Chrome.

Cyber security researchers have identified multiple campaigns that used now-patched flaws in Safari and Chrome browsers to infect mobile users with information-stealing malware. 

In a new report, Google's Threat Analysis Group (TAG) reports on two watering hole attacks targeting Mongolian government websites between November 2023 and July 2024. 

The intrusion has been attributed to a Russian state-backed threat actor codenamed APT29, with parallels observed between the exploits used in the campaigns and those previously linked to commercial surveillance vendors (CSVs) Intellexa and NSO Group, indicating exploit reuse.

The vulnerabilities at the TAG have identified include:  

  • CVE-2023-41993- A WebKit flaw that could result in arbitrary code execution when processing specially crafted web content (Fixed by Apple in iOS 16.7 and Safari 16.6.1 in September 2023) 
  • CVE-2024-4671- A use-after-free flaw in Chrome's Visuals component that could result in arbitrary code execution (Fixed by Google in Chrome version 124.0.6367.201/.202 for Windows and macOS, and version 124.0.6367.201 for Linux in May 2024)
  • CVE-2024-5274- A type confusion flaw in the V8 JavaScript and WebAssembly engine that could result in arbitrary code execution (Fixed by Google in Chrome version 125.0.6422.112/.113 for Windows and macOS, and version 125.0.6422.112 for Linux in May 2024)

Theses  campaigns are thought to have involved the compromises of the Mongolian government websites to deliver an exploit for CVE-2023-41993 by means of a malicious iframe component pointing to an actor-controlled domain.

The TAG team notified Apple, Alphabet’s Android and Google Chrome along with  the the Mongolian computer emergency response team (CERT) about the campaigns at the time of discovery.

TAG   |    Hacker News   |   Mail   |   Infosecurity Magazine   |   Medium   |   Android Police  |

Cyber Express   |   US State Dept.  |   

Image: PrompterMalaya

You Might Also Read: 

International Initiative To Control Commercial Spyware:

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 






 

« 2024 US Presidential Election: Nation State Cyber Threats
Mental Health Provider Has Exposed Patient Data »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

ITpreneurs

ITpreneurs

ITpreneurs provides IT training content, Instructors, Learning Infrastructure and services to IT Training providers.

Satisnet

Satisnet

Satisnet is a leading Security Reseller, Managed Security Services Provider (MSSP) and Cyber Training Innovator, with operations throughout the UK, EMEA and United States.

Caliber Security Partners

Caliber Security Partners

Caliber Security Partners is a full-service information security company, with a wide range of security services for clients with varying levels of security maturity.

Serena

Serena

Serena Software helps increase speed of the software development lifecycle while enhancing security, compliance, and performance.

MD5

MD5

MD5 is a leading UK provider of Digital Forensic & eDiscovery services to large multi-national corporate businesses, Law Enforcement & Government Agencies, high profile legal firms.

IT Security House

IT Security House

IT Security House is a leading European supplier of Cyber Security Intelligence and eCrime services.

ESNC

ESNC

ESNC’s vulnerability management and real-time SAP security monitoring solutions help largest corporations in the world to effectively prioritize SAP security tasks and secure their business.

HoxHunt

HoxHunt

HoxHunt is an automated cyber training program that transforms the way your employees react and respond to the growing amount of phishing emails.

Firedome

Firedome

Firedome's tailormade solution for IoT companies is designed to proactively prevent, detect, and respond to inevitable vulnerabilities in connected devices.

Improsec

Improsec

Improsec is a fully independent Cyber Security advisory company - we provide knowledge, experience and both strategic and deep technical expertise to our clients.

Vantea SMART

Vantea SMART

Vantea SMART have decades of experience in cybersecurity resulting in an approach of proactive prevention - Security by Design and by Default.

MorganFranklin Consulting

MorganFranklin Consulting

MorganFranklin Consulting is a management advisory firm that works with businesses and government to address complex and transformational technology and business objectives including cybersecurity.

CFTS

CFTS

CFTS 'Computer Facilities Technical Services' is a Ugandan ICT Support Company that specialises in infrastructure and support services including network security.

NetCentrics

NetCentrics

NetCentrics leverages an innovative, agile, ‘what’s-next’ approach to our customers’ IT and cyber challenges.

Reco AI

Reco AI

Reco is an identity-centric SaaS security solution that empowers organizations with full visibility into every app, identity, and their actions to control risk in their SaaS ecosystem.

Hudson Rock

Hudson Rock

Hudson Rock’s products — Cavalier & Bayonet — are powered by our cybercrime database, composed of millions of machines compromised by Infostealers in global malware spreading campaigns.