Google security researchers have shared more information on four zero-day vulnerabilities, flaws unknown until they were discovered being exploited in the wild earlier this year.
The four security flaws were found by Google Threat Analysis Group (TAG) and Google Project Zero researchers after they spotted exploits abusing zero-days in Google Chrome, Internet Explorer, and WebKit, the engine used by Apple's Safari web browser.
The four zero-day exploits discovered by Google researchers earlier this year while being exploited in the wild targeted:
- CVE-2021-21166 and CVE-2021-30551 in Chrome,
- CVE-2021-33742 in Internet Explorer, and
- CVE-2021-1879 in WebKit (Safari).
Google also published root cause analysis for all four zero-days:
- CVE-2021-1879: Use-After-Free in QuickTimePluginReplacement
- CVE-2021-21166: Chrome Object Lifecycle Issue in Audio
- CVE-2021-30551: Chrome Type Confusion in V8
- CVE-2021-33742: Internet Explorer out-of-bounds write in MSHTML
"We tie three to a commercial surveillance vendor arming govt backed attackers and one to likely Russian APT," Google Threat Analysis Group's Director Shane Huntley said.
"Halfway into 2021, there have been 33 0-day exploits used in attacks that have been publicly disclosed this year — 11 more than the total number from 2020," Google researchers added.
"While there is an increase in the number of 0-day exploits being used, we believe greater detection and disclosure efforts are also contributing to the upward trend."
WebKit zero-day exploited by Russian SVR hackers
While the Chrome and Internet Explorer zero-day exploits were developed and sold by the same vendor to customers worldwide who wanted to boost their surveillance capabilities, they were not used in any high-profile campaigns.
This can't be said about the CVE-2021-1879 WebKit/Safari flaw, which, according to Google, was used via LinkedIn Messaging "to target government officials from western European countries by sending them malicious links."
Google researchers said the attackers were likely a Russian government-backed actor, abusing this zero-day to target iOS devices running older versions of iOS (12.4 through 13.7).
While Google didn't link the exploit to a specific threat group, Microsoft says the culprit is Nobelium, the state-sponsored hacking group behind last year's SolarWinds supply-chain attack that led to the compromise of several US federal agencies.
Cybersecurity company Volexity also linked the attacks to SVR operators based on tactics previously observed in attacks going back to 2018.
The United States government formally accused the Russian Foreign Intelligence Service (aka SVR) in April of carrying out "the broad-scope cyber espionage campaign" through its hacking division commonly known as APT29, The Dukes, or Cozy Bear.
According to Google, the end goal of the attacks was to "collect authentication cookies from several popular websites, including Google, Microsoft, LinkedIn, Facebook and Yahoo and send them via WebSocket to an attacker-controlled IP."
Comments
Amigo-A - 2 years ago
An old anecdote about a large number of enemy soldiers (= hackers).
US Army Sergeant teaches recruit: Anderson, what will you do if you see 100 enemy soldiers in front of you advancing on you?
Anderson: I'll shoot them with my rifle, sir!
Sergeant: Okay, what do you do if 500 enemy soldiers attack you?
Anderson: I'll shoot them with my rifle, sir!
Sergeant: Good! And what will you do if 1000 more enemy soldiers come at you from the rear?
Anderson: I'll shoot them with my rifle, sir!
The sergeant wondered: Wait, Anderson, where are you going to get so many rifle cartridges?
Anderson: In the same place where you took so many enemy soldiers, sir!
Amigo-A - 2 years ago
For those who did not understand. To attack all this, you need a lot of hackers and technical means. There are not many people in Russia.
1. China - 1,411 million people
2. India - 1,386 million people
3. USA - 331 million people
4. Indonesia - 266 million people
5. Pakistan - 221 million people
6. Brazil - 213 million people
7. Nigeria - 213 million people
8. Bangladesh - 172 million people
9. Russia - 146 million people
10. Mexico - 126 million people
Compared to the size of other Russian armed forces, the SVR (=Foreign Intelligence Service) has fewer staff than the Department of Defense. Among all SVR employees, theoretically, there should be much fewer hackers.
Here is what the anecdote explains: if there is not a large number of enemy soldiers (hackers), then it is very easy to invent and blame them.
Honestly, they say such cunning is a woman's trick.
TsVk! - 2 years ago
Consider that 419 scammers are almost entirely from Nigeria and that telephone scammers are almost entirely from India. They have local forums and discussion groups about how to run their particular crime specialty.
The fact that there are plenty of Russian hacking forums and all the digital fingerprints point to ex-Soviet nations is a good indicator of where these crimes are originating, not a sign that there is some sort of wild conspiracy to pick on the poor Ruskies.