Google has revealed details about multiple cyberattack campaigns that took place between November 2023 and July 2024. In a blog post, Google’s Threat Analysis Group (TAG) says that it “observed multiple in-the-wild exploit campaigns, between November 2023 and July 2024, delivered from a watering hole attack on Mongolian government websites.”
Google assesses with “moderate confidence” that the campaigns are linked to the Russian government-backed actor APT29.
Google says that the vulnerabilities have already been addressed and that, at the time of their discovery, it notified Apple, its partners at Android and Google Chrome, and the Mongolian CERT about the campaigns.
According to Google, the exploit campaigns “first delivered an iOS WebKit exploit affecting iOS versions older than 16.6.1 and then later, a Chrome exploit chain against Android users running versions from m121 to m123. These campaigns delivered n-day exploits for which patches were available, but would still be effective against unpatched devices.”
What’s a watering hole cyberattack?
In a watering hole cyberattack, cybercriminals target a highly trusted website that’s visited by a large group of people. Since the website is a trusted one and usually can’t be blacklisted by Google, hackers find it less challenging to infect the website with malware, which then spreads to the devices of those who visit the site.
The watering hole attack timeline
As per Google, the watering hole attacks affected the cabinet.gov[.]mn and mfa.gov[.]mn websites in November 2023, February 2024 and July 2024.
The Apple Safari browser on iOS was targeted in the November 2023 and February 2024 watering hole campaigns, which delivered an iOS exploit via CVE-2023-41993.
Towards the end of July 2024, Google says that hackers used a new watering hole on the mfa.gov[.]mn website “where track-adv[.]com was re-used to deliver a Google Chrome exploit chain to Android users.”
“In each iteration of the watering hole campaigns, the attackers used exploits that were identical or strikingly similar to exploits previously used by commercial surveillance vendors (CSVs) Intellexa and NSO Group”, says Google in the blog post.
Watering hole attacks: How to protect yourself?
Google says that internet users should keep applying regular patches to commonly used web browsers like Google Chrome and Apple Safari as a safeguard against watering hole attacks. People should also keep the software on their devices up to date. Considering the rapid increase of cybercrime, investing in a paid antivirus and internet security solution is a no-brainer, so you should protect your devices with such security software as well.
Google also underscored the Site Isolation feature on the Chrome Android browser that’s meant “to prevent the ability to steal other website data — including cookies — from a compromised renderer”.
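For teams that manage a fleet of devices, the version ranges quoted above can be turned into a patch audit. The following is an added example, not code from Google's report: it scans web proxy log lines for clients still running iOS older than 16.6.1 or Chrome m121 to m123 on Android. The tab-separated log format, the sample lines and the function names are assumptions made for illustration, and it assumes the User-Agent header reflects the real version.

```python
import re

# Thresholds quoted from Google's report as cited in the article.
IOS_FIXED = (16, 6, 1)             # iOS WebKit exploit: versions older than 16.6.1
CHROME_AFFECTED = range(121, 124)  # Chrome on Android: m121 to m123

IOS_RE = re.compile(r"\b(?:iPhone OS|CPU OS) (\d+(?:_\d+){0,2}) like Mac OS X")
CHROME_RE = re.compile(r"\bChrome/(\d+)\.")

def classify(user_agent):
    """Return a finding string for a client in an affected range, else None."""
    m = IOS_RE.search(user_agent)
    if m:
        parts = [int(p) for p in m.group(1).split("_")]
        version = tuple(parts + [0] * (3 - len(parts)))  # pad 16_6 to 16.6.0
        if version < IOS_FIXED:
            return "iOS %d.%d.%d older than 16.6.1" % version
        return None
    m = CHROME_RE.search(user_agent)
    if m and "Android" in user_agent and int(m.group(1)) in CHROME_AFFECTED:
        return "Chrome m%s on Android (m121 to m123)" % m.group(1)
    return None

def audit(log_lines):
    """Return de-duplicated (client, finding) pairs from 'client<TAB>UA' lines."""
    seen, results = set(), []
    for line in log_lines:
        client, _, ua = line.rstrip("\n").partition("\t")
        finding = classify(ua)
        if finding and (client, finding) not in seen:
            seen.add((client, finding))
            results.append((client, finding))
    return results

# Constructed sample log lines (hypothetical clients, realistic UA shapes).
SAMPLE_LOG = [
    "10.0.0.11\tMozilla/5.0 (iPhone; CPU iPhone OS 16_6 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.6 Mobile/15E148 Safari/604.1",
    "10.0.0.12\tMozilla/5.0 (iPhone; CPU iPhone OS 16_6_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.6 Mobile/15E148 Safari/604.1",
    "10.0.0.13\tMozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Mobile Safari/537.36",
    "10.0.0.14\tMozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Mobile Safari/537.36",
    "10.0.0.15\tMozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36",
]

if __name__ == "__main__":
    for client, finding in audit(SAMPLE_LOG):
        print(client, finding)
```

Other Chromium-based Android browsers also carry a `Chrome/` token in their User-Agent, so a hit is a prompt to check the device's actual patch level rather than proof of exposure.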