Russian Hackers Use Spyware Exploits in New Cyber Campaign
Google has found evidence that Russian government hackers, known as APT29, used spyware exploits developed by Intellexa and NSO Group to target Mongolian government websites.
APT29, linked to Russia’s Foreign Intelligence Service (SVR), is known for conducting espionage and data theft. The group used “watering hole” attacks by embedding malicious code on Mongolian government websites between November 2023 and July 2024.

Any visitor to these sites using an iPhone or Android device could have been hacked and had their data, including passwords, compromised.
The attacks exploited vulnerabilities in Safari on iPhones and Google Chrome on Android that had already been patched, but unpatched devices remained vulnerable. The theft focused on user account cookies from government email accounts, potentially allowing the hackers access to sensitive information.
Google’s Threat Analysis Group linked the code to APT29 based on similarities with previously observed exploits. The source of these exploits remains unknown, though it is suggested that Russian hackers either bought or stole them.
This incident underscores the risk of spyware exploits falling into dangerous hands. Google advises users to keep their software updated to avoid such attacks.
Source: TechCrunch