By Milcah Tanimu
Google has accused the Russian government of exploiting sophisticated vulnerabilities that bear striking similarities to those used by notorious spyware developers, NSO Group and Intellexa. According to the Google Threat Analysis Group (TAG), Russian hackers, identified as APT29, have employed exploits that closely mirror those previously associated with these surveillance software firms.
Google TAG researchers revealed that APT29 has used complex exploit chains against both Android and iOS devices. The attacks began with the compromise of government websites in Mongolia, a technique known as a watering hole attack, and the compromised sites delivered a range of exploits targeting users of certain Chrome and iOS versions. The exploits used in these campaigns were either identical to or very similar to those previously deployed by NSO Group and Intellexa, suggesting a troubling overlap between state-sponsored actors and commercial spyware vendors.
The exploits targeted Android versions m121 to m123 and iOS versions older than 16.6.1. Despite patches being available, the attacks were effective against devices that had not been updated. Google’s report indicates that these vulnerabilities, while patched in newer versions, continue to pose a significant risk to users who have not yet updated their devices.
This revelation raises concerns about the potential for collaboration between state-backed hackers and commercial spyware companies. Google’s findings highlight the ongoing security challenges faced by individuals and organizations worldwide, as advanced surveillance tools become increasingly accessible to malicious actors.