State-sponsored hackers keep exploiting iOS & Chrome vulnerabilities again and again

August 31, 2024
1 min read

TLDR:

  • State-sponsored hackers targeted Mongolian government websites with iOS and Chrome exploits.
  • Exploits were n-day vulnerabilities and attributed with moderate confidence to APT29, a Russian government-backed actor.

Google’s Threat Analysis Group (TAG) discovered multiple exploit campaigns targeting Mongolian government websites between November 2023 and July 2024. These campaigns were watering hole attacks that compromised the websites cabinet.gov.mn and mfa.gov.mn. The exploits initially targeted iOS devices with a WebKit exploit and later shifted to Android users with a Chrome exploit chain. Google attributed the activity with moderate confidence to APT29, and the campaigns highlight the persistent threat posed by watering hole attacks and the reuse of exploits first developed by commercial surveillance vendors.

In the iOS campaign, a reconnaissance payload was used to identify the target’s device model before deploying the WebKit exploit. The Chrome campaign required a sandbox escape vulnerability to bypass Chrome’s security measures. Both attacks utilized a cookie stealer framework to exfiltrate authentication cookies from prominent websites. Google has notified relevant teams and added identified malicious domains to Safe Browsing to protect users. It is essential to promptly apply security patches to prevent exploitation and mitigate 0-day vulnerabilities.
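A watering hole only works while the injected loader stays on the compromised page, so one defensive check a site owner can run is to compare the script and iframe sources a page currently loads against an allow-list and against a known-good snapshot. The following is an added example written for this summary; it is not code from Google TAG or from the article, and the two HTML pages, the hostnames and the allow-list are all constructed placeholders.

```python
"""Watering-hole integrity check: flag <script src=...> and <iframe src=...>
whose host is outside an allow-list, and report sources that appear in a
current page but not in a baseline snapshot. Added example; all sample
pages, hosts and the allow-list below are constructed, not real sites."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed allow-list of first-party hosts (placeholder names).
ALLOWED_HOSTS = {"example-gov.test"}

# Constructed baseline: the page as last reviewed by the site owner.
CLEAN_PAGE = """<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.example-gov.test/lib.js"></script>
</head><body><h1>Ministry</h1></body></html>"""

# Constructed "after compromise" page: same content plus a hidden iframe
# pointing at a placeholder host that is not in the allow-list.
INJECTED_PAGE = """<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.example-gov.test/lib.js"></script>
</head><body><h1>Ministry</h1>
<iframe src="https://injected-placeholder.test/i.html" width="0" height="0"></iframe>
</body></html>"""


class _SrcCollector(HTMLParser):
    """Collect (tag, src) pairs for script and iframe elements."""

    def __init__(self):
        super().__init__()
        self.srcs = []

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "iframe"):
            for name, value in attrs:
                if name == "src" and value:
                    self.srcs.append((tag, value))


def collect_sources(html):
    """Return the ordered list of (tag, src) loads found in the page."""
    parser = _SrcCollector()
    parser.feed(html)
    return parser.srcs


def _host_allowed(host, allowed_hosts):
    host = host.lower()
    return host in allowed_hosts or any(host.endswith("." + a) for a in allowed_hosts)


def external_loads(html, allowed_hosts=ALLOWED_HOSTS):
    """Return (tag, src, host) for each script/iframe whose host is not
    allow-listed. Relative URLs are same-origin and are not reported."""
    findings = []
    for tag, src in collect_sources(html):
        host = urlparse(src).hostname  # handles https://, http:// and //host/ forms
        if host is None:
            continue
        if not _host_allowed(host, allowed_hosts):
            findings.append((tag, src, host.lower()))
    return findings


def new_loads(baseline_html, current_html):
    """Return loads present in the current page but absent from the baseline,
    in page order. Catches injected loaders even on allow-listed hosts."""
    baseline = set(collect_sources(baseline_html))
    return [load for load in collect_sources(current_html) if load not in baseline]


if __name__ == "__main__":
    for finding in external_loads(INJECTED_PAGE):
        print("non-allow-listed load:", finding)
    for load in new_loads(CLEAN_PAGE, INJECTED_PAGE):
        print("new since baseline:", load)
```

The baseline comparison matters as much as the allow-list: an attacker who can write to the site can just as easily host the loader on the site's own origin, which the allow-list alone would never flag. Running both checks from a scheduled crawl, and alerting on any difference, gives the site owner a chance to notice a compromise before the next visitor does.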
