Google reveals sophisticated Windows and Android hacking operation

Discussion in 'Headline News' started by RickAgresta, Jan 12, 2021.

  1. RickAgresta

    RickAgresta Peanut, leader of the Peanutty Forces

    Messages:
    21,938
    Likes Received:
    19,718
    Trophy Points:
    288
    The attackers used a combination of Android, Chrome, and Windows vulnerabilities, including both zero-days and n-days exploits.

    [​IMG]

    Google published a six-part report today detailing a sophisticated hacking operation that the company detected in early 2020 and which targeted owners of both Android and Windows devices.

    The attacks were carried out via two exploit servers delivering different exploit chains via watering hole attacks, Google said.

    "One server targeted Windows users, the other targeted Android," Project Zero, one of Google's security teams, said in the first of six blog posts.

    Google said that both exploit servers used Google Chrome vulnerabilities to gain an initial foothold on victim devices. Once an initial entry point was established in the user's browsers, attackers deployed an OS-level exploit to gain more control of the victim's devices.

    The exploit chains included a combination of both zero-day and n-day vulnerabilities, where zero-day refers to bugs unknown to the software makers, and n-day refers to bugs that have been patched but are still being exploited in the wild.

    All in all, Google said the exploit servers contained:

    • Four "renderer" bugs in Google Chrome, one of which was still a 0-day at the time of its discovery.
    • Two sandbox escape exploits abusing three 0-day vulnerabilities in the Windows OS.
    • And a "privilege escalation kit" composed of publicly known n-day exploits for older versions of the Android OS.
    The four zero-days, all of which were patched in the spring of 2020, were as follows:

    Google said that while they did not find any evidence of Android zero-day exploits hosted on the exploit servers, its security researchers believe that the threat actor most likely had access to Android zero-days as well, but most likely weren't hosting them on the servers when its researchers discovered it.

    Google: Exploit chains were complex and well-engineered

    Overall, Google described the exploit chains as "designed for efficiency & flexibility through their modularity."

    "They are well-engineered, complex code with a variety of novel exploitation methods, mature logging, sophisticated and calculated post-exploitation techniques, and high volumes of anti-analysis and targeting checks," Google said.

    "We believe that teams of experts have designed and developed these exploit chains," but Google stopped short of providing any other details about the attackers or the type of victims they targeted.

    Together with its introductory blog post, Google has also published reports detailing a Chrome "infinity bug" used in the attacks, the Chrome exploit chains, the Android exploit chains, post-exploitation steps on Android devices, and the Windows exploit chains.

    The provided details should allow other security vendors to identify attacks on their customers and track down victims and other similar attacks carried out by the same threat actor.

    Article title updated shortly after publication, changing the term "massive" to "sophisticated" as there is no information on the scale of this operation to support the initial wording.
     
    Mi An, jigwashere, lelisa13p and 3 others like this.
  2. headcronie

    headcronie Greyscale. Nuff Said. Super Moderator

    Messages:
    14,505
    Likes Received:
    6,308
    Trophy Points:
    113
    Chrome on my phone gets fired up as much as Samsung Browser - never. No adblocking, no tracking protection, and it phones your every move back home to the mothership? *snort* Wish I could uninstall both of them.

    Firefox for the win, in this particular instance.
     
    Mi An, jigwashere, lelisa13p and 2 others like this.
  3. RickAgresta

    RickAgresta Peanut, leader of the Peanutty Forces

    Messages:
    21,938
    Likes Received:
    19,718
    Trophy Points:
    288
    Has your flavor of Note been rooted, yet?
     
    scjjtt, Hook and headcronie like this.
  4. headcronie

    headcronie Greyscale. Nuff Said. Super Moderator

    Messages:
    14,505
    Likes Received:
    6,308
    Trophy Points:
    113
    I have not rooted since my Note 2. With all the security concerns floating around, and given how much of a PITA it is to keep a rooted device current with patches, I gave up on that. Now I use purchased software to keep ads to a minimum and use browsers that allow me to do adblocking and tracker blocking. My days of downloading software daily to write up "A few software reviews..." are sadly over. I stick to my small collection of tried and true. I miss the simple days of Palm...

    Sent from my Samsung Note 20 Ultra using Tapatalk
     
  5. scjjtt

    scjjtt A Former Palm User

    Messages:
    2,774
    Likes Received:
    6,011
    Trophy Points:
    288
    Although I am very glad for the way I can work on the same thing from different devices (computer, Chromebook, tablet &/or phone) I also echo your lament.

    Sent from my moto g stylus using Tapatalk
     
Loading...

Share This Page