Skip to main content

One group of hackers is responsible for zero-day attacks across Windows, iOS and Android

Privacy
(Image credit: Shutterstock / Valery Brozhinsky)

Analyzing some of the recent high-profile zero-day attacks across Windows, Android, and iOS, security experts believe they are the work of an a single, but adept, group of hackers.

Maddie Stone from Google’s Project Zero combed through a number of zero-day attacks in 2020 and believes at least 11 of those to be the handiwork of one particular group.

It was the group’s ability to chain together several exploits in order to successfully launch attacks that worked even against fully patched operating systems, which led members of Google’s Project Zero and Threat Analysis Group to call the group “highly sophisticated.” 

TechRadar needs you!

We're looking at how our readers use VPN for a forthcoming in-depth report. We'd love to hear your thoughts in the survey below. It won't take more than 60 seconds of your time.

>> Click here to start the survey in a new window<<

Expert understanding

In her analysis, Stone notes that breaking down the exploits revealed that the threat actors were seasoned exploit developers and had in-depth knowledge about the vulnerabilities that were exploited.

It all began with four zero-day exploits in February 2020 that targeted Chrome and Windows, using a non-trivial attack vector that involved creating complex exploit chains. These were followed by the discovery of seven zero-day exploits for Android, Windows, and iOS that were again made possible due to chaining multiple exploits.

Upon further analysis the researchers were led to two exploit servers, and though evidence suggests that the entities between the two exploit servers were different, the researchers believe they were likely working in a coordinated fashion.

Stone also notes that the exploitation methods used in one of the attacks was “novel” to the researchers, and were a testament to the attackers' skill level. 

While the documented exploits have all been quashed, given the level of skills of the threat actors and their repository of zero-day exploits, we're sure this isn't the last we've heard of them.

Via: ArsTechnica

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.