Russian State Hacker Utilizes Spyware Vendors with ‘Strikingly Similar’ Methods

Google Uncovers Connection Between Russian State Hackers and Spyware Exploits: Concerns Raised Over Spread of Commercial Spyware

Google has uncovered a troubling connection between Russian state hackers and spyware exploits that bear a striking resemblance to those created by NSO Group and Intellexa, raising concerns about the proliferation of commercial spyware into the hands of state-backed threat actors.

In a recent blog post, Google disclosed its findings of these exploits but expressed uncertainty about how the Russian government obtained them. This revelation underscores the dangers of private spyware falling into the hands of highly dangerous threat actors, according to Google.

The hackers, known as APT29 and linked to Russia’s Foreign Intelligence Service (SVR), have a history of conducting cyber-espionage and data theft operations against prominent targets, including tech companies like Microsoft and SolarWinds, as well as various government entities.

Google’s investigation revealed that the malicious code was planted on Mongolian government websites from November 2023 to July 2024. Visitors using iPhones or Android devices on these sites could have had their devices compromised and personal data stolen in a watering hole attack.

Watering hole attacks work by compromising legitimate websites and using them to infect the people who visit them. In this case the attackers exploited vulnerabilities in Safari on iPhones and in Google Chrome on Android, targeting accounts at the online email providers used by Mongolian government officials.

The similarities between the exploits used in the Mongolian attacks and those developed by NSO Group and Intellexa suggest a potential link between the exploit authors or providers and the Russian hackers. However, NSO Group has denied selling its products to Russia, emphasizing that their technologies are exclusively sold to vetted US and Israel-allied intelligence and law enforcement agencies.

The mystery behind how Russian hackers gained access to the exploit code remains unresolved, but Google’s discovery highlights the risks associated with the spread of commercial spyware into the hands of state-backed threat actors.