Security News > 2021 > January > Sophisticated Hacks Against Android, Windows Reveal Zero-Day Trove
Google researchers have detailed a major hacking campaign that was detected in early 2020, which mounted a series of sophisticated attacks, some using zero-day flaws, against Windows and Android platforms.
Working together, researchers from Google Project Zero and the Google Threat Analysis Group uncovered the attacks, which were "Performed by a highly sophisticated actor," Ryan from Project Zero wrote in the first of a six-part blog series on their research.
In the case of the attacks that Google researchers uncovered, attackers executed the malicious code remotely on both the Windows and Android servers using Chrome exploits.
The exploits used against Windows included zero-day flaws, while Android users were targeted with exploit chains using known "n-day" exploits, though they acknowledge it's possible zero-day vulnerabilities could also have been used, researchers said.
The team spent months analyzing the attacks, including examining what happened post-exploitation on Android devices.
The researchers posted root-cause analyses for each of the four Windows zero-day vulnerabilities that they discovered being leveraged in their attacks.
News URL
https://threatpost.com/hacks-android-windows-zero-day/163007/
Related news
- Microsoft patches Windows zero-day exploited in attacks on Ukraine (source)
- How a Windows zero-day was exploited in the wild for months (CVE-2024-43451) (source)
- RomCom hackers chained Firefox and Windows zero-days to deliver backdoor (source)
- RomCom Exploits Zero-Day Firefox and Windows Flaws in Sophisticated Cyberattacks (source)
- Firefox and Windows zero-days exploited by Russian RomCom hackers (source)
- New Windows Server 2012 zero-day gets free, unofficial patches (source)
- New Windows zero-day exposes NTLM credentials, gets unofficial patch (source)
- New Android NoviSpy spyware linked to Qualcomm zero-day bugs (source)