Researchers at Google's Threat Analysis Group and Amnesty International's Security Lab have discovered and stopped two attack operations that used zero-day exploits to target iOS and Android users. Both campaigns show the characteristics of state-sponsored operations and have affected Malaysian, Kazakhstani, Italian, and United Arab Emirates victims.
Defenders had no time to patch the previously undisclosed vulnerabilities because the attackers in each case were using zero-day exploits for both iOS and Android. Attackers prize these flaws because they let them catch defenders by surprise. The attackers started the first operation by texting short links to their targets. After clicking the links, targets were sent to websites hosting the exploits.
Zero-day exploits are especially dangerous because they give attackers access to even fully updated phones: the developer has not yet discovered the vulnerability, so no earlier patch addresses it. In a blog post, Google's Threat Analysis Group (TAG) said it found the campaign in November 2022 and successfully tracked down the iOS and Android exploit chains.
The Google Chrome, Pixel, Android, and Apple teams quickly responded and patched the vulnerabilities after TAG informed the manufacturers of their existence. The Security Lab at Amnesty International was also acknowledged for its assistance in identifying the second operation. In its own blog, Amnesty International reported that the Security Lab had revealed a "sophisticated" hacking operation run by a mercenary malware firm. The firm's identity is kept a secret.
Amnesty International says that the attack had all the characteristics of a sophisticated spyware operation that had been created by a commercial cyber-surveillance firm and distributed to government hackers to conduct targeted spyware attacks.
"Shady spyware businesses really risk everyone's security and privacy," said Donncha Ó Cearbhaill, head of Amnesty International's Security Lab, who urged users to make sure their devices were updated with the most recent security patches.
While it is important that these flaws be fixed, he continued, "this is merely a sticking plaster to a global spyware crisis." In order to prevent sophisticated cyberattacks from being used as a weapon of repression against activists and journalists, there needs to be an immediate worldwide ban on the sale, transfer, and use of spyware.
In December 2022, Google was able to shut down a new zero-day exploit chain that was being used to break into Android devices, thanks to the Security Lab's discoveries. The campaign targeted desktop and mobile devices and has been running since at least 2020.
Soon after US president Joe Biden issued an executive order restricting the use of digital spying tools, Google and Amnesty International made their disclosures. If certain spyware vendors are discovered working with foreign governments that American intelligence has designated as well-known human rights violators, the new regulations would prohibit them from selling to US government agencies.