Russian State Hacker Utilizes Spyware Vendors with ‘Strikingly Similar’ Methods


Google Uncovers Connection Between Russian State Hackers and Spyware Exploits: Concerns Raised Over Spread of Commercial Spyware

Google has uncovered a troubling connection between Russian state hackers and spyware exploits that bear a striking resemblance to those created by NSO Group and Intellexa, raising concerns about the proliferation of commercial spyware into the hands of state-backed threat actors.

In a recent blog post, Google disclosed its findings of these exploits but expressed uncertainty about how the Russian government obtained them. This revelation underscores the dangers of private spyware falling into the hands of highly dangerous threat actors, according to Google.

The hackers, known as APT29 and linked to Russia’s Foreign Intelligence Service (SVR), have a history of conducting cyber-espionage and data theft operations against prominent targets, including tech companies like Microsoft and SolarWinds, as well as various government entities.

Google’s investigation revealed that the malicious code was planted on Mongolian government websites from November 2023 to July 2024. Visitors using iPhones or Android devices on these sites could have had their devices compromised and personal data stolen in a watering hole attack.

Watering hole attacks involve compromising legitimate websites to infect site visitors. The attackers exploited vulnerabilities in the Safari browser on iPhones and Google Chrome on Android, targeting accounts hosted by online email providers used by Mongolian government officials.

The similarities between the exploits used in the Mongolian attacks and those developed by NSO Group and Intellexa suggest a potential link between the exploit authors or providers and the Russian hackers. However, NSO Group has denied selling its products to Russia, emphasizing that its technologies are sold exclusively to vetted US- and Israel-allied intelligence and law enforcement agencies.

The mystery behind how Russian hackers gained access to the exploit code remains unresolved, but Google’s discovery highlights the risks associated with the spread of commercial spyware into the hands of state-backed threat actors.
