Security News > 2021 > January > Sophisticated Hacks Against Android, Windows Reveal Zero-Day Trove
Google researchers have detailed a major hacking campaign that was detected in early 2020, which mounted a series of sophisticated attacks, some using zero-day flaws, against Windows and Android platforms.
Working together, researchers from Google Project Zero and the Google Threat Analysis Group uncovered the attacks, which were "Performed by a highly sophisticated actor," Ryan from Project Zero wrote in the first of a six-part blog series on their research.
In the case of the attacks that Google researchers uncovered, attackers executed the malicious code remotely on both the Windows and Android servers using Chrome exploits.
The exploits used against Windows included zero-day flaws, while Android users were targeted with exploit chains using known "n-day" exploits, though they acknowledge it's possible zero-day vulnerabilities could also have been used, researchers said.
The team spent months analyzing the attacks, including examining what happened post-exploitation on Android devices.
The researchers posted root-cause analyses for each of the four Windows zero-day vulnerabilities that they discovered being leveraged in their attacks.
News URL
https://threatpost.com/hacks-android-windows-zero-day/163007/
Related news
- North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware (source)
- Russia targets Ukrainian conscripts with Windows, Android malware (source)
- New Windows Themes zero-day gets free, unofficial patches (source)
- Windows Themes zero-day bug exposes users to NTLM credential theft (source)
- Google fixes two Android zero-days used in targeted attacks (source)
- Microsoft patches Windows zero-day exploited in attacks on Ukraine (source)
- How a Windows zero-day was exploited in the wild for months (CVE-2024-43451) (source)