Google says it has evidence that Russian government hackers are using exploits that are “identical or strikingly similar” to those previously made by spyware makers Intellexa and NSO Group.
In a blog post on Thursday, Google said it is not certain how the Russian government acquired the exploits, but said this is an example of how exploits developed by spyware makers can end up in the hands of “dangerous threat actors.”
In this case, Google said the threat actors are APT29, a group of hackers widely attributed to Russia’s Foreign Intelligence Service, or the SVR. APT29 is a highly capable group of hackers, known for its long-running and persistent campaigns aimed at conducting espionage and data theft against a range of targets, including tech giants Microsoft and SolarWinds, as well as foreign governments.
Google said it found the hidden exploit code embedded on Mongolian government websites between November 2023 and July 2024. During this time, anyone who visited these sites using an iPhone or Android device could have had their phone hacked and data stolen, including passwords, in what is known as a “watering hole” attack.
The exploits took advantage of vulnerabilities in the iPhone’s Safari web browser and Google Chrome on Android that had already been fixed at the time of the suspected Russian campaign. Still, those exploits could nevertheless be effective in compromising unpatched devices.
According to the blog post, the exploit targeting iPhones and iPads was designed to steal user account cookies stored in Safari, specifically across a range of online email providers that host the personal and work accounts of the Mongolian government. The attackers could then use the stolen cookies to access those government accounts. Google said the campaign aimed at Android devices used two separate exploits together to steal user cookies stored in the Chrome browser app.
Google security researcher Clement Lecigne, who authored the blog post, told TechCrunch that it is not known for sure who the Russian government hackers were targeting in this campaign. “But based on where the exploit was hosted and who would normally visit these sites, we believe that Mongolian government employees were a likely target,” he said.
Lecigne, who works for Google’s Threat Analysis Group, the security research unit that investigates government-backed cyber threats, said Google is linking the reuse of the code to Russia because the researchers previously noted the same cookie-stealing code used by APT29 during an earlier campaign in 2021.
A fundamental question remains: How did the Russian government hackers obtain the exploit code to begin with? Google said both iterations of the watering hole campaign targeting the Mongolian government used code resembling or matching exploits from Intellexa and NSO Group. These two companies are known for developing exploits capable of delivering spyware that can compromise fully patched iPhones and Android phones.
Google said the exploit code used in the watering hole attack targeting Chrome users on Android shared a “very similar trigger” with an exploit developed earlier by NSO Group. In the case of the exploit targeting iPhones and iPads, Google said the code used the “exact same trigger as the exploit used by Intellexa,” which Google said strongly suggests that the exploit authors or providers “are the same.”
When asked by TechCrunch about the reuse of exploit code, Lecigne said: “We do not believe the actor recreated the exploit,” ruling out the likelihood that the exploit was independently discovered by the Russian hackers.
“There are multiple possibilities as to how they could have acquired the same exploit, including purchasing it after it was patched or stealing a copy of the exploit from another customer,” said Lecigne.
NSO Group did not respond to TechCrunch’s inquiry prior to publication. In a statement provided after publication, NSO spokesperson Gil Lainer said: “NSO does not sell its products to Russia. Our technologies are sold exclusively to vetted U.S. & Israel-allied intelligence and law enforcement agencies. Our systems and technologies are highly secure and are continuously monitored to detect and neutralize external threats.”
TechCrunch contacted the Russian Embassy in Washington, DC and Mongolia’s Permanent Mission to the United Nations in New York for comment, but did not hear back by press time. Intellexa could not be reached for comment. Apple spokesperson Shane Bauer did not respond to a request for comment.
Google said users should “apply patches quickly” and keep software up to date to help prevent malicious cyberattacks. According to Lecigne, iPhone and iPad users with the high-security feature Lockdown Mode switched on were not affected even when running a vulnerable software version.
Updated with post-publication response from NSO.