Security News > 2021 > January > Sophisticated Hacks Against Android, Windows Reveal Zero-Day Trove
Google researchers have detailed a major hacking campaign that was detected in early 2020, which mounted a series of sophisticated attacks, some using zero-day flaws, against Windows and Android platforms.
Working together, researchers from Google Project Zero and the Google Threat Analysis Group uncovered the attacks, which were "Performed by a highly sophisticated actor," Ryan from Project Zero wrote in the first of a six-part blog series on their research.
In the case of the attacks that Google researchers uncovered, attackers executed the malicious code remotely on both the Windows and Android servers using Chrome exploits.
The exploits used against Windows included zero-day flaws, while Android users were targeted with exploit chains using known "n-day" exploits, though they acknowledge it's possible zero-day vulnerabilities could also have been used, researchers said.
The team spent months analyzing the attacks, including examining what happened post-exploitation on Android devices.
The researchers posted root-cause analyses for each of the four Windows zero-day vulnerabilities that they discovered being leveraged in their attacks.
News URL
https://threatpost.com/hacks-android-windows-zero-day/163007/
Related news
- Week in review: VMware ESXi zero-day exploited, SMS Stealer malware targeting Android users (source)
- Google fixes Android kernel zero-day exploited in targeted attacks (source)
- “Perfect” Windows downgrade attack turns fixed vulnerabilities into zero-days (source)
- New Windows SmartScreen bypass exploited as zero-day since March (source)
- Windows driver zero-day exploited by Lazarus hackers to install rootkit (source)
- Windows 11 KB5041587 update adds sharing to Android devices (source)
- Microsoft fixes Windows Smart App Control zero-day exploited since 2018 (source)
- Windows vulnerability abused braille “spaces” in zero-day attacks (source)