Russian Hackers Leveraging Spyware Exploits in Sophisticated Cyberattacks
Russian hackers are reportedly using the same exploits as those deployed by commercial spyware vendors, abusing vulnerabilities in software and hardware to gain unauthorized access to devices. These hackers often reverse-engineer the updates or patches that vendors release in order to identify the weaknesses being fixed, then exploit them on devices that have not yet applied the fix. Additionally, they may purchase exploits from, or collaborate with, spyware vendors, allowing them to target specific individuals or organizations with advanced, hard-to-detect cyberattacks. This convergence of state-sponsored hacking and commercial spyware tooling is a growing concern for cybersecurity experts.
Google researchers closely analyzed the exploits, the techniques the Russian hackers used to compromise iPhone and Android software. During this analysis, they discovered a disturbing connection between Cozy Bear and the commercial spyware industry, which typically sells such hacking techniques to government clients. According to a blog post by Google, the Russian attackers employed exploits that were either identical or very similar to those previously used by commercial surveillance vendors such as Intellexa and NSO Group, known for their infamous Predator and Pegasus spyware.
It remains unclear how Cozy Bear acquired these sophisticated exploits: whether through direct dealings with the spyware companies or by independently reproducing the techniques.
Google’s research reveals that the Russian hackers leveraged exploits from Intellexa and NSO Group after vulnerabilities in iOS’s WebKit and Google’s Chrome had been identified and patched.
“We do not know how the attackers acquired these exploits,” noted Google researcher Clement Lecigne. What is evident, however, is that state-sponsored hackers are repurposing exploits first used as zero-days by commercial spyware vendors. This underscores the urgency for device makers to patch vulnerabilities swiftly and highlights the broader risk of hacking techniques proliferating from commercial spyware to more dangerous groups. In response, the White House has sanctioned and blacklisted Intellexa and NSO Group to curb the spread of these tools.
For more details, you can refer to the original article here.