
SolarWinds hackers used an iOS zero-day to put iPhones at risk


The Russian state hackers who orchestrated last year's SolarWinds supply chain attack also exploited an iOS zero-day, according to Google and Microsoft, as part of a separate malicious email campaign aimed at stealing web authentication credentials from Western European governments.

In a post Google published on Wednesday, researchers Maddie Stone and Clement Lecigne said that "a likely Russian government-backed actor" exploited the then-unknown vulnerability by sending messages to government officials over LinkedIn.

Moscow, Western Europe and USAID

Attacks targeting CVE-2021-1879, the identifier under which the zero-day is tracked, redirected users to domains that installed malicious payloads on fully up-to-date iPhones. The researchers said the attacks coincided with a campaign by the same hackers that delivered malware to Windows users.

The campaign closely tracks one Microsoft disclosed in May. In that case, Microsoft said Nobelium, the name the company uses for the hackers behind the SolarWinds supply chain attack, first managed to compromise an account belonging to USAID, the US government agency that administers civilian foreign aid and development assistance. With control of the agency's account at the online marketing company Constant Contact, the hackers were able to send emails that appeared to come from addresses known to belong to the US agency.

The federal government has attributed last year's supply chain attack to hackers working for Russia's Foreign Intelligence Service (abbreviated SVR). For more than a decade, the SVR has run malware campaigns against governments, political think tanks and other organizations in countries including Germany, Uzbekistan, South Korea and the US. Its targets have included the US State Department and the White House in 2014. Other names used for the group are APT29, the Dukes and Cozy Bear.

In an email, Shane Huntley, the head of Google's Threat Analysis Group, confirmed the connection between the USAID attacks and the iOS zero-day, which resided in the WebKit browser engine.

"The two campaigns are different, but based on our visibility, we believe the actors behind the WebKit 0-day and the USAID campaign are the same group of actors," Huntley wrote. "It is important to note that everyone draws actor boundaries differently. In this particular case, we are aligned with the US and UK governments' assessment of APT 29."

Forget the Sandbox

Throughout the campaign, Microsoft said, Nobelium experimented with multiple attack variations. In one wave, a Nobelium-controlled web server profiled the devices that visited it to determine what operating system and hardware they were running. If the target was an iPhone or iPad, the server delivered an exploit for CVE-2021-1879, which let the hackers carry out a universal cross-site scripting (UXSS) attack. Apple patched the zero-day at the end of March.

In Wednesday's post, Stone and Lecigne wrote:

After several validation checks to ensure the device being exploited was a real device, the final payload would be served to exploit CVE-2021-1879. This exploit would turn off Same-Origin-Policy protections in order to collect authentication cookies from several popular websites, including Google, Microsoft, LinkedIn, Facebook and Yahoo, and send them via WebSocket to an attacker-controlled IP. The victim would need to have a session open on these websites from Safari for the cookies to be successfully exfiltrated. There was no sandbox escape or implant delivered via this exploit. The exploit targeted iOS versions 12.4 through 13.7. This type of attack, described by Amy Burnett in "Forget the Sandbox Escape: Abusing Browsers from Code Execution", is mitigated in browsers with Site Isolation enabled, such as Chrome or Firefox.
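The two passages above give a defender a concrete pattern to hunt for: an iOS Safari client lured from LinkedIn to an attacker domain, followed shortly afterwards by a WebSocket connection to a bare IP address. The script below, an added example that is not part of the original reporting or of Google's or Microsoft's analysis, correlates those three signals in web-proxy logs. The pipe-delimited log format, the sample lines, the lure domain (a `.test` name) and the IP addresses (RFC 5737 documentation range) are all constructed for this example and are not indicators from the campaign.

```python
"""Hunt for the iOS Safari -> LinkedIn lure -> WebSocket-to-bare-IP pattern.

Added example. The log format, sample lines, lure domain and IPs below are
constructed for illustration; adapt parse_line() to your own proxy format.
"""
import ipaddress
import re
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Constructed proxy log: timestamp|client|method|url|referer|user-agent|upgrade-header
IOS_SAFARI_UA = ("Mozilla/5.0 (iPhone; CPU iPhone OS 13_7 like Mac OS X) AppleWebKit/605.1.15 "
                 "(KHTML, like Gecko) Version/13.1.2 Mobile/15E148 Safari/604.1")
WIN_CHROME_UA = ("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
                 "(KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36")
SAMPLE_LOG = "\n".join([
    f"2021-04-05T10:12:01Z|10.0.0.7|GET|https://www.linkedin.com/messaging/|-|{IOS_SAFARI_UA}|-",
    # Lure: LinkedIn-referred navigation to a never-before-seen domain (constructed)
    f"2021-04-05T10:12:09Z|10.0.0.7|GET|https://lure.example.test/invite|https://www.linkedin.com/|{IOS_SAFARI_UA}|-",
    # Exfil: WebSocket straight to an IP address, seconds after the lure
    f"2021-04-05T10:12:13Z|10.0.0.7|GET|ws://203.0.113.45:8080/|https://lure.example.test/invite|{IOS_SAFARI_UA}|websocket",
    # Benign noise: a Windows desktop client using a WebSocket to an IP
    f"2021-04-05T10:20:40Z|10.0.0.9|GET|wss://203.0.113.80/socket|https://intranet.example.test/|{WIN_CHROME_UA}|websocket",
    # Benign noise: iOS Safari WebSocket to a named host, no LinkedIn referral
    f"2021-04-05T10:31:05Z|10.0.0.7|GET|wss://chat.example.test/ws|https://chat.example.test/|{IOS_SAFARI_UA}|websocket",
])

# Matches "(iPhone; CPU iPhone OS 13_7" and "(iPad; CPU OS 13_7"
IOS_UA = re.compile(r"\((?:iPhone|iPad); CPU (?:iPhone )?OS (\d+)_(\d+)")
WINDOW = timedelta(minutes=10)  # how long after the lure we still link a WebSocket to it


def parse_line(line):
    ts, client, method, url, referer, ua, upgrade = line.split("|", 6)
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        "client": client, "method": method, "url": url,
        "referer": None if referer == "-" else referer,
        "ua": ua,
        "upgrade": None if upgrade == "-" else upgrade.lower(),
    }


def ios_version(ua):
    """Return (major, minor) of the iOS version in a UA string, or None."""
    m = IOS_UA.search(ua)
    return (int(m.group(1)), int(m.group(2))) if m else None


def is_mobile_safari(ua):
    # Third-party iOS browsers add CriOS/FxiOS/EdgiOS tokens; Safari itself does not.
    return (ios_version(ua) is not None and "Safari/" in ua
            and not re.search(r"(CriOS|FxiOS|EdgiOS)/", ua))


def host_is_bare_ip(url):
    """True when the URL's host is a literal IPv4/IPv6 address rather than a name."""
    host = urlsplit(url).hostname
    if host is None:
        return False
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def is_websocket(event):
    return event["upgrade"] == "websocket" or urlsplit(event["url"]).scheme in ("ws", "wss")


def _is_linkedin(host):
    return host == "linkedin.com" or host.endswith(".linkedin.com")


def referred_from_linkedin(event):
    """LinkedIn referer, destination outside LinkedIn: the lure click."""
    if not event["referer"]:
        return False
    ref_host = urlsplit(event["referer"]).hostname or ""
    dst_host = urlsplit(event["url"]).hostname or ""
    return _is_linkedin(ref_host) and not _is_linkedin(dst_host)


def detect(log_text, window=WINDOW):
    events = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    alerts = []
    for e in events:
        if not (is_websocket(e) and host_is_bare_ip(e["url"]) and is_mobile_safari(e["ua"])):
            continue
        lures = [p for p in events
                 if p["client"] == e["client"]
                 and timedelta(0) <= e["ts"] - p["ts"] <= window
                 and referred_from_linkedin(p)]
        if not lures:
            continue
        major, minor = ios_version(e["ua"])
        alerts.append({
            "client": e["client"],
            "lure": lures[0]["url"],
            "exfil": e["url"],
            "ios": f"{major}.{minor}",
            # Range the Google post says the exploit targeted (12.4 through 13.7).
            "in_exploited_range": (12, 4) <= (major, minor) <= (13, 7),
        })
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

The three signals are deliberately weak on their own (WebSockets to IP literals are common in internal tooling, and LinkedIn referrals are everyday traffic); the alert only fires when all three line up for one client inside the window, which is what keeps the false-positive rate tolerable on real proxy volumes. Dropping the iOS Safari requirement would widen the rule to the Windows arm of the campaign at the cost of more noise.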

Raining Zero-Days

The iOS attacks are part of a recent explosion in the use of zero-days. In the first half of this year, Google's Project Zero vulnerability research team recorded 33 zero-day exploits used in attacks, 11 more than the total for all of 2020. The growth has several causes, including better detection by defenders and stronger software defenses, which in turn require attackers to chain multiple exploits to break through.

Another major factor is the increased supply of zero-days from private companies that sell exploits.
