Security News > 2021 > March > Hacking group used 11 zero-days to attack Windows, iOS, Android users
2021-03-20 14:41
Project Zero, Google's zero-day bug-hunting team, discovered a group of hackers that used 11 zero-days in attacks targeting Windows, iOS, and Android users within a single year.
The Project Zero team revealed that the hacking group behind these attacks ran two separate campaigns, in February and October 2020.
The attackers used a couple of dozen websites hosting two exploit servers, each of them targeting iOS and Windows or Android users.
One full exploit chain targeting fully patched Windows 10 using Google Chrome.
Several RCE exploits for iOS 11-13 and a privilege escalation exploit for iOS 13.
In the case of the Chrome Freetype zero-day, the exploitation method used by this hacking group was new to Project Zero.
News URL
Related news
- Play ransomware exploited Windows logging flaw in zero-day attacks (source)
- Qualcomm Fixes 3 Zero-Days Used in Targeted Android Attacks via Adreno GPU (source)
- Apple fixes two zero-days exploited in targeted iPhone attacks (source)
- Apple Patches Two Actively Exploited iOS Flaws Used in Sophisticated Targeted Attacks (source)
- Apple plugs zero-day holes used in targeted iPhone attacks (CVE-2025-31200, CVE-2025-31201) (source)
- Windows NTLM vulnerability exploited in multiple attack campaigns (CVE-2025-24054) (source)
- Apple Patches Two Zero-Days Used in ‘Extremely Sophisticated’ Attacks (source)
- Windows NTLM hash leak flaw exploited in phishing attacks on governments (source)
- New Android malware steals your credit cards for NFC relay attacks (source)
- ⚡ Weekly Recap: iOS Zero-Days, 4Chan Breach, NTLM Exploits, WhatsApp Spyware & More (source)