Russian Hackers Hijack Spyware Tricks: Exploits Unleashed on Mongolia
Russian state-sponsored APT29, aka “Midnight Blizzard,” was caught using iOS and Android exploits from commercial spyware vendors like NSO Group. Although patches are available, these n-day flaws still affect outdated devices that have not been updated. APT29’s techniques included compromising Mongolian government websites to steal cookies and sensitive data.

Hot Take:
When Russian hackers start moonlighting as spyware salesmen, you know the cyber world’s gone full James Bond. Just pray your iPhone isn’t the next target in this international cat-and-mouse game!
Key Points:
- APT29, aka “Midnight Blizzard,” mimicked commercial spyware vendors in cyberattacks from November 2023 to July 2024.
- The attacks targeted Mongolian government websites, using exploits for known iOS and Android flaws that remained unpatched on outdated devices.
- Watering hole tactics were employed to deliver malicious payloads to specific visitors.
- The exploits were nearly identical to those used by NSO Group and Intellexa.
- How APT29 obtained these exploits remains a mystery, with theories ranging from hacking to bribery.