Analyzing some of the recent high-profile zero-day attacks across Windows, Android, and iOS, security experts believe they are the work of an a single, but adept, group of hackers.
Maddie Stone from Google’s Project Zero combed through a number of zero-day attacks in 2020 and believes at least 11 of those to be the handiwork of one particular group.
It was the group’s ability to chain together several exploits in order to successfully launch attacks that worked even against fully patched operating systems, which led members of Google’s Project Zero and Threat Analysis Group to call the group “highly sophisticated.”
- We've put together a list of the best endpoint protection software
- Here's our choice of the best malware removal software on the market
- These are the best firewall apps and services
Expert understanding
In her analysis, Stone notes that breaking down the exploits revealed that the threat actors were seasoned exploit developers and had in-depth knowledge about the vulnerabilities that were exploited.
It all began with four zero-day exploits in February 2020 that targeted Chrome and Windows, using a non-trivial attack vector that involved creating complex exploit chains. These were followed by the discovery of seven zero-day exploits for Android, Windows, and iOS that were again made possible due to chaining multiple exploits.
Upon further analysis the researchers were led to two exploit servers, and though evidence suggests that the entities between the two exploit servers were different, the researchers believe they were likely working in a coordinated fashion.
Stone also notes that the exploitation methods used in one of the attacks was “novel” to the researchers, and were a testament to the attackers' skill level.
While the documented exploits have all been quashed, given the level of skills of the threat actors and their repository of zero-day exploits, we're sure this isn't the last we've heard of them.
- Protect your devices with these best antivirus software
Via: ArsTechnica
