Security News > 2024 > August > Midnight Blizzard delivered iOS, Chrome exploits via compromised government websites
Suspected Russian hackers have been hitting iPhone and Android users visiting government websites with exploits first leveraged by commercial surveillance vendors, Google TAG researchers shared. The watering hole campaigns Between November 2023 and July 2024, threat actors have repeatedly compromised the websites of the Mongolian Cabinet Secretariat (cabinet.gov[.]mn) and the country’s Ministry of Foreign Affairs (mfa.gov[.]mn) to serve iframes or JavaScript delivering an exploit or exploit chain. The threat actors leveraged Intellexa’s CVE-2023-41993 (WebKit) exploit … More → The post Midnight Blizzard delivered iOS, Chrome exploits via compromised government websites appeared first on Help Net Security.
News URL
https://www.helpnetsecurity.com/2024/08/29/n-day-exploits-government-websites/
Related news
- Russian APT29 hackers use iOS, Chrome exploits created by spyware vendors (source)
- Russian Hackers Exploit Safari and Chrome Flaws in High-Profile Cyberattack (source)
- North Korean hackers exploit Chrome zero-day to deploy rootkit (source)
- North Korean Hackers Deploy FudModule Rootkit via Chrome Zero-Day Exploit (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-21 | CVE-2023-41993 | Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products The issue was addressed with improved checks. | 8.8 |