Security News > 2024 > August > Midnight Blizzard delivered iOS, Chrome exploits via compromised government websites
Suspected Russian hackers have been hitting iPhone and Android users visiting government websites with exploits first leveraged by commercial surveillance vendors, Google TAG researchers shared. The watering hole campaigns Between November 2023 and July 2024, threat actors have repeatedly compromised the websites of the Mongolian Cabinet Secretariat (cabinet.gov[.]mn) and the country’s Ministry of Foreign Affairs (mfa.gov[.]mn) to serve iframes or JavaScript delivering an exploit or exploit chain. The threat actors leveraged Intellexa’s CVE-2023-41993 (WebKit) exploit … More → The post Midnight Blizzard delivered iOS, Chrome exploits via compromised government websites appeared first on Help Net Security.
News URL
https://www.helpnetsecurity.com/2024/08/29/n-day-exploits-government-websites/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-09-21 | CVE-2023-41993 | Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products The issue was addressed with improved checks. | 8.8 |