Russian Hackers Exploit Mobile Browser Vulnerabilities
In a world-first, a Russian state-sponsored hacking group has used software vulnerability exploits “identical or strikingly similar” to ones previously used by NSO Group and Intellexa, two significant makers of spyware. This involves Russian hackers exploiting critical vulnerabilities in widely-used web browsers, including Apple's Safari and Google's Chrome.
Cyber security researchers have identified multiple campaigns that used now-patched flaws in Safari and Chrome browsers to infect mobile users with information-stealing malware.
In a new report, Google's Threat Analysis Group (TAG) reports on two watering hole attacks targeting Mongolian government websites between November 2023 and July 2024.
The intrusion has been attributed to a Russian state-backed threat actor codenamed APT29, with parallels observed between the exploits used in the campaigns and those previously linked to commercial surveillance vendors (CSVs) Intellexa and NSO Group, indicating exploit reuse.
The vulnerabilities at the TAG have identified include:
- CVE-2023-41993- A WebKit flaw that could result in arbitrary code execution when processing specially crafted web content (Fixed by Apple in iOS 16.7 and Safari 16.6.1 in September 2023)
- CVE-2024-4671- A use-after-free flaw in Chrome's Visuals component that could result in arbitrary code execution (Fixed by Google in Chrome version 124.0.6367.201/.202 for Windows and macOS, and version 124.0.6367.201 for Linux in May 2024)
- CVE-2024-5274- A type confusion flaw in the V8 JavaScript and WebAssembly engine that could result in arbitrary code execution (Fixed by Google in Chrome version 125.0.6422.112/.113 for Windows and macOS, and version 125.0.6422.112 for Linux in May 2024)
Theses campaigns are thought to have involved the compromises of the Mongolian government websites to deliver an exploit for CVE-2023-41993 by means of a malicious iframe component pointing to an actor-controlled domain.
The TAG team notified Apple, Alphabet’s Android and Google Chrome along with the the Mongolian computer emergency response team (CERT) about the campaigns at the time of discovery.
TAG | Hacker News | Mail | Infosecurity Magazine | Medium | Android Police |
Cyber Express | US State Dept. |
Image: PrompterMalaya
You Might Also Read:
International Initiative To Control Commercial Spyware:
If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.
- Individual £5 per month or £50 per year. Sign Up
- Multi-User, Corporate & Library Accounts Available on Request
- Inquiries: Contact Cyber Security Intelligence
Cyber Security Intelligence: Captured Organised & Accessible