Google: Sophisticated APT Group Burned 11 Zero-Days in Mass Spying Operation
Security News, March 2021
Google has added new details on a pair of exploit servers used by a sophisticated threat actor to hit users of Windows, iOS and Android devices.
Malware hunters at Google continue to call attention to a sophisticated APT group that burned through at least 11 zero-day exploits in less than a year to conduct mass spying across a range of platforms and devices.
The group has actively used watering-hole attacks to redirect specific targets to a pair of exploit servers delivering malware to Windows, iOS and Android devices.
In a new blog post, Google Project Zero researcher Maddie Stone released additional details on the exploit chains discovered in the wild last October and warned that the latest discovery is tied to a February 2020 campaign that included the use of multiple zero-days.
In all, Stone and the Google Project Zero team snagged one full exploit chain hitting Chrome on Windows, two partial exploit chains targeting fully patched Android devices running Chrome and the Samsung Browser, and remote code-execution exploits for iOS 11 and iOS 13.
Stone's analysis also shows that the APT group draws on a wide range of vulnerability classes in its exploit chains.