Russian State Hackers Used Exploits ‘Strikingly Similar’ to Those of Spyware Vendors


Google Uncovers Connection Between Russian State Hackers and Spyware Exploits: Concerns Raised Over Spread of Commercial Spyware

Google has uncovered a troubling connection between Russian state hackers and spyware exploits that bear a striking resemblance to those created by NSO Group and Intellexa, raising concerns about the proliferation of commercial spyware into the hands of state-backed threat actors.

In a recent blog post, Google disclosed the exploits but said it could not determine how the Russian operators obtained them. The finding underscores the danger of commercial spyware capabilities ending up with highly capable state-backed threat actors, according to Google.

The hackers, known as APT29 and linked to Russia’s Foreign Intelligence Service (SVR), have a history of conducting cyber-espionage and data theft operations against prominent targets, including tech companies like Microsoft and SolarWinds, as well as various government entities.

Google’s investigation revealed that the malicious code was planted on Mongolian government websites from November 2023 to July 2024. Visitors using iPhones or Android devices on these sites could have had their devices compromised and personal data stolen in a watering hole attack.

In a watering hole attack, the attackers compromise legitimate websites so that the sites' visitors are infected. Here they exploited vulnerabilities in Safari on iPhones and in Google Chrome on Android, and the payloads went after accounts on the online email providers used by Mongolian government officials.
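For the owner of a site that might be turned into a watering hole, the practical check is whether its pages have started loading content from origins that were never approved. The following is an added example, not code from the article or from Google's report; it assumes (the article does not say) that injected code appears as a script, iframe, or similar element fetching from a third-party origin, and the allowlist, hostnames and sample HTML are all constructed for illustration.

```python
"""Baseline check for watering-hole style injections on a site's own pages.

Added example, not from the original article or from Google's report. It assumes
(an assumption, not something the article states) that injected content shows up
as elements such as <script src=...> or <iframe src=...> pointing at origins the
site owner never approved. All hostnames and the sample page are constructed.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Origins the site owner legitimately serves content from (hypothetical list).
ALLOWED_ORIGINS = {
    "https://www.example.gov.mn",   # the site itself (hypothetical)
    "https://cdn.example.gov.mn",   # its own CDN (hypothetical)
}

# Constructed sample page: one legitimate script, one inline script, and an
# injected 1x1 iframe pulling content from an unapproved third-party origin.
SAMPLE_HTML = """
<html><head>
<script src="https://cdn.example.gov.mn/js/app.js"></script>
<link rel="stylesheet" href="/static/site.css">
</head><body>
<h1>Ministry notice</h1>
<iframe src="https://updates-check.example.net/track.html" width="1" height="1"></iframe>
<script>window.__x = 1;</script>
</body></html>
"""


class LoaderCollector(HTMLParser):
    """Collect every element that makes the browser fetch remote content."""
    WATCHED = {"script", "iframe", "embed", "object", "link"}

    def __init__(self):
        super().__init__()
        self.loaders = []        # (tag, url) pairs with a remote src/href
        self.inline_scripts = 0  # <script> elements with no src attribute

    def handle_starttag(self, tag, attrs):
        if tag not in self.WATCHED:
            return
        a = dict(attrs)
        if tag == "script" and not a.get("src"):
            self.inline_scripts += 1
            return
        url = a.get("href") if tag == "link" else a.get("src")
        if url:
            self.loaders.append((tag, url))


def origin_of(url, page_origin):
    """Return scheme://host for url; relative URLs belong to the page's origin."""
    p = urlparse(url)
    if not p.scheme and not p.netloc:
        return page_origin
    return f"{p.scheme}://{p.netloc}"


def find_unexpected_loaders(html, page_origin, allowed=ALLOWED_ORIGINS):
    """Return (tag, url) pairs whose origin is not on the allowlist."""
    c = LoaderCollector()
    c.feed(html)
    return [(tag, url) for tag, url in c.loaders
            if origin_of(url, page_origin) not in allowed]


def inline_script_count(html):
    """Return how many inline <script> blocks the page carries, for baseline diffing."""
    c = LoaderCollector()
    c.feed(html)
    return c.inline_scripts


if __name__ == "__main__":
    page = "https://www.example.gov.mn"
    for tag, url in find_unexpected_loaders(SAMPLE_HTML, page):
        print(f"UNEXPECTED {tag}: {url}")
    print(f"inline scripts: {inline_script_count(SAMPLE_HTML)}")
```

Run against a crawl of your own pages and compare the inline script count with a known-good baseline as well; an allowlist catches new third-party loaders, but an injected inline script only shows up as a change in that count or in a content hash.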

The similarities between the exploits used in the Mongolian attacks and those developed by NSO Group and Intellexa suggest a potential link between the exploit authors or providers and the Russian hackers. However, NSO Group has denied selling its products to Russia, emphasizing that their technologies are exclusively sold to vetted US and Israel-allied intelligence and law enforcement agencies.

The mystery behind how Russian hackers gained access to the exploit code remains unresolved, but Google’s discovery highlights the risks associated with the spread of commercial spyware into the hands of state-backed threat actors.
