SolarWinds hackers use an iOS 0-day to steal Google and Microsoft data

The WebKit vulnerability was exploited when government officials clicked on LinkedIn messages.

Russian government hackers who orchestrated the SolarWinds supply chain attack last year exploited an iOS zero-day as part of a separate malicious email campaign aimed at stealing web authentication credentials from Western European governments, according to Google and Microsoft.

In a post published on Wednesday, Google researchers Maddie Stone and Clement Lecigne said the zero-day was used in attacks that targeted government officials with messages sent via LinkedIn.


Attacks targeting CVE-2021-1879, as the zero-day is tracked, redirected users to domains that served malicious payloads to fully updated iPhones. The researchers said the attacks coincided with a campaign by the same hackers to deliver malware to Windows users.

The campaign closely tracks one that Microsoft disclosed in May. In that instance, Microsoft said that Nobelium, the name the company uses for the hackers behind the SolarWinds supply chain attack, first managed to compromise an account belonging to the US Agency for International Development (USAID), the US government agency that administers civilian foreign aid and development assistance. With control of the agency's account at the online marketing company Constant Contact, the hackers could send emails that appeared to come from addresses known to belong to the US agency.

The federal government has attributed last year's supply chain attack to hackers working for Russia's Foreign Intelligence Service (SVR). For more than a decade, the SVR has run malware campaigns targeting governments, political think tanks, and other organizations in countries including Germany, Uzbekistan, South Korea, and the United States. Its targets have included the US State Department and the White House in 2014. Other names used to identify the group include APT29, the Dukes, and Cozy Bear.

In an email, Shane Huntley, head of Google's Threat Analysis Group, confirmed the connection between the attacks involving USAID and the iOS zero-day, which resided in the WebKit browser engine.

"These are two different campaigns, but based on our visibility, we consider the actors behind the WebKit 0-day and the USAID campaign to be the same group of actors," Huntley wrote. "It is important to note that everyone draws actor boundaries differently. In this particular case, we are aligned with the US and UK governments' assessment of APT 29."


Forget the sandbox escape

Throughout the campaign, Microsoft said, Nobelium experimented with multiple attack variations. In one wave, a Nobelium-controlled web server profiled the devices that visited it to determine what operating system and hardware they ran. If the device was an iPhone or iPad, the server served an exploit for CVE-2021-1879, which allowed the hackers to carry out a universal cross-site scripting (UXSS) attack. Apple patched the zero-day in late March.

In Wednesday's post, Stone and Lecigne wrote:

After several validation checks to ensure the device being exploited was a real device, the final payload would be served to exploit CVE-2021-1879. This exploit would turn off Same-Origin-Policy protections in order to collect authentication cookies from several popular websites, including Google, Microsoft, LinkedIn, Facebook, and Yahoo, and send them via WebSocket to an attacker-controlled IP. The victim would need to have a session open on these websites from Safari for cookies to be successfully exfiltrated. There was no sandbox escape or implant delivered via this exploit. The exploit targeted iOS versions 12.4 through 13.7. This type of attack, described by Amy Burnett in "Forget the Sandbox Escape: Abusing Browsers from Code Execution," is mitigated in browsers with Site Isolation enabled, such as Chrome or Firefox.
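The chain described above has three observable stages: a server that profiles visiting devices, a payload served only to Safari on iOS 12.4 through 13.7, and cookies exfiltrated over a WebSocket to an attacker-controlled IP address. The following Python script is an added example, not code from Google TAG, Microsoft, or the article, showing how a defender might hunt for that exfiltration pattern in web-proxy logs: it parses the iOS version out of Safari user-agent strings, flags WebSocket upgrades whose destination host is a bare IP address rather than a hostname, and raises the severity when both conditions coincide. The tab-separated log format, the field layout, and the sample lines are constructed for this example; no part of the exploit payload is reproduced.

```python
"""Hunt for the cookie-exfiltration pattern (WebSocket to a bare IP from
Safari on iOS 12.4-13.7) in web-proxy logs.

Added example; not code from Google TAG or the article. The log format is a
constructed, simplified proxy log, one request per line, tab separated:
    timestamp  client_ip  method  url  user_agent  upgrade_header
(upgrade_header is "-" when the request carried no Upgrade header).
"""
import ipaddress
import re
from urllib.parse import urlsplit

# iOS versions the exploit targeted, per Google's post: 12.4 through 13.7.
TARGETED_MIN = (12, 4)
TARGETED_MAX = (13, 7)

# Safari on iOS advertises "CPU iPhone OS 13_5 like Mac OS X" (iPhone) or
# "CPU OS 13_5 like Mac OS X" (iPad); the version is underscore separated.
_IOS_UA = re.compile(r"\b(?:iPhone|iPad|iPod)\b.*?\bOS (\d+)_(\d+)(?:_(\d+))?\b")


def ios_version(user_agent: str):
    """Return (major, minor) for an iOS Safari user agent, or None if not iOS."""
    m = _IOS_UA.search(user_agent)
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)))


def in_targeted_range(version) -> bool:
    """True when an (major, minor) tuple falls in the range the exploit targeted."""
    return version is not None and TARGETED_MIN <= version <= TARGETED_MAX


def is_bare_ip_host(url: str) -> bool:
    """True when the URL's host is a literal IPv4/IPv6 address, not a hostname."""
    host = urlsplit(url).hostname
    if host is None:
        return False
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def parse_line(line: str):
    """Split one constructed log line into a dict; None for malformed lines."""
    fields = line.rstrip("\n").split("\t")
    if len(fields) != 6:
        return None
    ts, client, method, url, ua, upgrade = fields
    return {"ts": ts, "client": client, "method": method,
            "url": url, "ua": ua, "upgrade": upgrade}


def hunt(lines):
    """Return findings for WebSocket upgrades to bare-IP destinations.

    Severity is "high" when the client also reports Safari on iOS 12.4-13.7,
    matching the profiling step in the post, and "medium" otherwise.
    """
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["upgrade"].lower() != "websocket" or not is_bare_ip_host(rec["url"]):
            continue
        ver = ios_version(rec["ua"])
        findings.append({
            "ts": rec["ts"],
            "client": rec["client"],
            "url": rec["url"],
            "ios_version": ver,
            "severity": "high" if in_targeted_range(ver) else "medium",
        })
    return findings


# Constructed sample log: 203.0.113.0/24 and 198.51.100.0/24 are documentation
# ranges, chosen so nothing here points at a real host.
SAMPLE_LOG = """\
2021-05-25T10:01:02Z\t10.0.0.5\tGET\thttps://www.linkedin.com/messaging/\tMozilla/5.0 (iPhone; CPU iPhone OS 13_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1.1 Mobile/15E148 Safari/604.1\t-
2021-05-25T10:01:09Z\t10.0.0.5\tGET\tws://203.0.113.7:8080/c\tMozilla/5.0 (iPhone; CPU iPhone OS 13_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1.1 Mobile/15E148 Safari/604.1\twebsocket
2021-05-25T10:02:15Z\t10.0.0.9\tGET\twss://chat.example.net/socket\tMozilla/5.0 (iPhone; CPU iPhone OS 14_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1 Mobile/15E148 Safari/604.1\twebsocket
2021-05-25T10:03:40Z\t10.0.0.12\tGET\tws://198.51.100.4/\tMozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36\twebsocket
"""

if __name__ == "__main__":
    for f in hunt(SAMPLE_LOG.splitlines()):
        print(f"{f['severity']:6} {f['ts']} {f['client']} -> {f['url']} ios={f['ios_version']}")
```

On the sample log the second line is reported as high (iOS 13.5 Safari opening a WebSocket to a bare IP) and the fourth as medium; the third is ignored because its destination is a hostname. Bare-IP WebSocket endpoints do occur legitimately, so treat this as a triage filter to be joined with proxy reputation and the client's version inventory rather than as a verdict on its own.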

It's raining zero-days

The iOS attacks are part of a recent explosion in the use of zero-days. In the first half of this year, Google's Project Zero vulnerability research group recorded 33 zero-day exploits used in attacks, 11 more than the total for all of 2020. There are several reasons for the increase, including better detection by defenders and better software defenses, which in turn force attackers to chain multiple exploits together to break through.

The other big driver is the increased supply of zero-days from private companies that sell exploits.

"0-day capabilities used to be only the tools of select nation states who had the technical expertise to find 0-day vulnerabilities, develop them into exploits, and then strategically operationalize their use," the Google researchers wrote. "In the mid-to-late 2010s, more private companies have joined the marketplace selling these 0-day capabilities. No longer do groups need to have the technical expertise, now they just need resources."

The iOS vulnerability was one of four in-the-wild zero-days Google detailed on Wednesday. The other three were CVE-2021-21166 and CVE-2021-30551 in Chrome, and CVE-2021-33742 in Internet Explorer.

The four exploits were used in three different campaigns. Based on their analysis, the researchers assess that three of the exploits were developed by the same commercial surveillance company, which sold them to two different government-backed actors. The researchers did not identify the surveillance company, the governments, or the three specific zero-days they were referring to.

Apple representatives did not immediately respond to a request for comment.
