Adrian Johnson
TLDR:
- Google warns Chrome and Safari users of a Russian cyber attack.
- The attack used spyware developed by a Greek cyber intelligence firm and targeted users who did not update their software.
Article Summary:
Google has issued a warning to its users to apply patches quickly and keep their software fully updated after discovering a nine-month-long cyberattack linked to Russian spies. The attack utilized commercial spyware developed by a Greek cyber intelligence firm that had been sanctioned by the US government earlier in the year. The vulnerabilities exploited in this attack have been patched for users who updated their Apple iOS, Safari browser, and Google Chrome to the latest versions. Google’s Threat Analysis Group tied the hacking campaigns to Russia’s Foreign Intelligence Service (SVR) with moderate confidence.
The flaws exposing iPhone and iPad users to these attacks were patched in September 2023 for those who updated their software. Similarly, Android phone owners and Google Chrome users had their vulnerabilities fixed in May 2024 with Chrome version 124.0.6367.201/.202 for Windows and macOS. The hacking campaigns were linked to the Russian government-backed actor APT29, known as Cozy Bear or Group 100, by Google’s threat analysis.
It is concerning that suspected Russian state actors were benefiting from already patched security flaws via commercial spyware packages. The attack aimed to infiltrate Mongolian government websites and possibly targeted US diplomats and spies in the region. This type of attack is expected to be replicated by other well-trained teams using similar spyware tools.
