Security News > 2021 > March > Hacking group used 11 zero-days to attack Windows, iOS, Android users
2021-03-20 14:41
Project Zero, Google's zero-day bug-hunting team, discovered a group of hackers that used 11 zero-days in attacks targeting Windows, iOS, and Android users within a single year.
The Project Zero team revealed that the hacking group behind these attacks ran two separate campaigns, in February and October 2020.
The attackers used a couple of dozen websites hosting two exploit servers, each of them targeting iOS and Windows or Android users.
One full exploit chain targeting fully patched Windows 10 using Google Chrome.
Several RCE exploits for iOS 11-13 and a privilege escalation exploit for iOS 13.
In the case of the Chrome Freetype zero-day, the exploitation method used by this hacking group was new to Project Zero.
News URL
Related news
- New Windows zero-day exploited by 11 state hacking groups since 2017 (source)
- EncryptHub linked to MMC zero-day attacks on Windows systems (source)
- Phishing platform 'Lucid' behind wave of iOS, Android SMS attacks (source)
- Google fixes Android zero-days exploited in attacks, 60 other flaws (source)
- BadPilot network hacking campaign fuels Russian SandWorm attacks (source)
- PostgreSQL Vulnerability Exploited Alongside BeyondTrust Zero-Day in Targeted Attacks (source)
- Critical PostgreSQL bug tied to zero-day attack on US Treasury (source)
- Microsoft fixes Power Pages zero-day bug exploited in attacks (source)
- Serbian police used Cellebrite zero-day hack to unlock Android phones (source)
- Amnesty Finds Cellebrite’s Zero-Day Used to Unlock Serbian Activist’s Android Phone (source)