"Russian government hackers found using exploits made by spyware companies NSO and Intellexa" 29 August 2024

Google says it has evidence that Russian government hackers are using exploits that are “identical or strikingly similar” to those previously made by spyware makers Intellexa and NSO Group.

In a blog post on Thursday, Google said it is not sure how the Russian government acquired the exploits, but said this is an example of how exploits developed by spyware makers can end up in the hands of “dangerous threat actors.”..

...Google said it found the hidden exploit code embedded on Mongolian government websites between November 2023 and July 2024. During this time, anyone who visited these sites using an iPhone or Android device could have had their phone hacked and data stolen, including passwords, in what is known as a “watering hole” attack...

...Google security researcher Clement Lecigne, who authored the blog post, told TechCrunch that it is not known for certain who the Russian government hackers were targeting in this campaign. “But based on where the exploit was hosted and who would normally visit these sites, we believe that Mongolian government employees were a likely target,” he said...

...Google said the exploit code used in the watering hole attack targeting Chrome users on Android shared a “very similar trigger” with an exploit developed earlier by NSO Group. In the case of the exploit targeting iPhones and iPads, Google said the code used the “exact same trigger as the exploit used by Intellexa,” which Google said strongly suggested that the exploit authors or providers “are the same.”..

...NSO Group did not respond to TechCrunch’s inquiry prior to publication. In a statement provided after publication, NSO spokesperson Gil Lainer said: “NSO does not sell its products to Russia. Our technologies are sold exclusively to vetted U.S. & Israel-allied intelligence and law enforcement agencies. Our systems and technologies are highly secure and are continuously monitored to detect and neutralize external threats.”

TechCrunch contacted the Russian Embassy in Washington, DC and Mongolia’s Permanent Mission to the United Nations in New York for comment, but did not hear back by press time. Intellexa could not be reached for comment. Apple spokesperson Shane Bauer did not respond to a request for comment...