Security News > 2021 > March > Hacking group used 11 zero-days to attack Windows, iOS, Android users
2021-03-20 14:41
Project Zero, Google's zero-day bug-hunting team, discovered a group of hackers that used 11 zero-days in attacks targeting Windows, iOS, and Android users within a single year.
The Project Zero team revealed that the hacking group behind these attacks ran two separate campaigns, in February and October 2020.
The attackers used a couple of dozen websites hosting two exploit servers, each of them targeting iOS and Windows or Android users.
One full exploit chain targeting fully patched Windows 10 using Google Chrome.
Several RCE exploits for iOS 11-13 and a privilege escalation exploit for iOS 13.
In the case of the Chrome Freetype zero-day, the exploitation method used by this hacking group was new to Project Zero.
News URL
Related news
- Google fixes two Android zero-days used in targeted attacks (source)
- Microsoft patches Windows zero-day exploited in attacks on Ukraine (source)
- JPCERT shares Windows Event Log tips to detect ransomware attacks (source)
- Rackspace monitoring data stolen in ScienceLogic zero-day attack (source)
- Andariel Hacking Group Shifts Focus to Financial Attacks on U.S. Organizations (source)
- Qualcomm patches high-severity zero-day exploited in attacks (source)
- Ivanti warns of three more CSA zero-days exploited in attacks (source)
- Mozilla fixes Firefox zero-day actively exploited in attacks (source)
- Firefox Zero-Day Under Attack: Update Your Browser Immediately (source)
- North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware (source)