In light of a recent nine-month-long cyberattack attributed to Russian espionage, Google is advising users to “apply patches quickly” and “keep software fully up-to-date.” The attack, which exploited vulnerabilities using commercial spyware from the Greek cyber intelligence firm Intellexa, has raised significant security concerns.
Intellexa, a Cyprus-based company, was sanctioned by the US government in March for the misuse of surveillance tools. The spyware linked to Intellexa’s products has been used in attacks across various countries, including Ireland, Vietnam, and the United States.
Fortunately, for those who have installed the latest updates, the vulnerabilities targeted by this attack have largely been addressed. Apple users are protected if they updated to iOS 16.7 and Safari 16.6.1 as of September 2023. Android and Google Chrome users are protected if they updated Chrome to version 124.0.6367.201/.202 for Windows and macOS, or version 124.0.6367.201 for Linux, by May 2024.
Google’s Threat Analysis Group reported that it notified Apple and the Android and Google Chrome teams about the attack upon discovery. Google security engineer Clément Lecigne, based in Switzerland, stated that the attack is linked with moderate confidence to APT29, a Russian government-backed hacking group also known as Cozy Bear or Group 100. This group is associated with Russia’s foreign intelligence agency, the SVR.
Evidence of APT29’s activities included malware found on Mongolian government websites, indicating potential espionage motives. Google also informed the Mongolian Cybersecurity Emergency Response Teams (CERT) to address the compromised sites.
Lecigne warned that the use of such sophisticated spyware tools could lead to more frequent attacks, potentially replicated by other advanced hacking groups.