According to a report released by Google's Threat Analysis Group, hackers that the Russian government potentially backs targeted European government officials with LinkedIn messages that contained malicious links designed to exploit unknown vulnerabilities in Windows and iOS. The attacks relied on zero-day web kits developed to target vulnerabilities found in Safari and browsers used on iOS phones. This vulnerability (named CVE-2021-1879) was patched by Apple on March 26, 2021.
The attackers used a zero-day exploit that was explicitly developed to breach vulnerable web browsers. In this instance, the attackers crafted phishing lures to attract government officials to click on a link. Once the victim clicked on the link, they were then redirected to a website that the attackers controlled, and then the website would act as the trigger for the exploit on the victim's phone. According to Google, the exploit was designed to steal authentication cookies from Microsoft, Google, Yahoo, Facebook, and LinkedIn. Authentication cookies are used to store a user's login information, and in this attack, the cookies were most likely used to steal login information.
It is no secret that some countries employ the use of hacking groups. Having the backing of a country's government allows the attackers to utilize more resources to carry out a cyber attack. Some of these resources may include a sophisticated network architecture that is hard to detect. In some cases, governments may also allocate significant funding to these hacking groups, which are used to purchase or maintain new exploit capabilities, purchase network infrastructure, and even employ more people that could be used to carry out cyber attacks.
Zero-days are hard to defend against since these types of exploits are developed to target vulnerabilities that are unknown to the software developers. One of the ways to mitigate these types of attacks is to continuously look for potential vulnerabilities within the software that is being used. When it comes to zero-days being used in phishing lures, organizations should deploy an automated defense solution that alerts security personnel and administrators to anonymous web traffic or to detect rogue accounts that could target an organization's employees on social media platforms.
At SafeGuard Cyber, our mission is to help defenders establish and consolidate visibility for their various collaboration and digital communication tools, apply consistent analysis to these data streams, and detect malicious activity such as social engineering, malware, data exfiltration attempts, and insider threats. You can request a demo to learn more on how SafeGuard Cyber can secure your cloud-based communications.
Guide: Learn what modern-day digital risks are
and how you can combat them with the right protective measures.