Security News > 2024 > August > Midnight Blizzard delivered iOS, Chrome exploits via compromised government websites

Midnight Blizzard delivered iOS, Chrome exploits via compromised government websites
2024-08-29 13:11

Suspected Russian hackers have been hitting iPhone and Android users visiting government websites with exploits first leveraged by commercial surveillance vendors, Google TAG researchers shared. The watering hole campaigns Between November 2023 and July 2024, threat actors have repeatedly compromised the websites of the Mongolian Cabinet Secretariat (cabinet.gov[.]mn) and the country’s Ministry of Foreign Affairs (mfa.gov[.]mn) to serve iframes or JavaScript delivering an exploit or exploit chain. The threat actors leveraged Intellexa’s CVE-2023-41993 (WebKit) exploit … More → The post Midnight Blizzard delivered iOS, Chrome exploits via compromised government websites appeared first on Help Net Security.


News URL

https://www.helpnetsecurity.com/2024/08/29/n-day-exploits-government-websites/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2023-09-21 CVE-2023-41993 Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products
The issue was addressed with improved checks.
8.8