SolarWinds hackers used an iOS zero-day to put fully updated iPhones at risk
According to Google and Microsoft, the Russian hackers who orchestrated last year's SolarWinds supply chain attack were also behind another malicious email campaign, aimed at stealing web credentials from Western European governments, that exploited a zero-day vulnerability in iOS.
In a post published Wednesday, Google researchers Maddy Stone and Clement Lecigne said that "actors who may be backed by the Russian government" sent messages to government officials via LinkedIn that exploited a then-unknown vulnerability.
Moscow, Western Europe, USAID
The attacks exploited a zero-day vulnerability, tracked as CVE-2021-1879, to redirect users to a domain that installed a malicious payload on fully updated iPhones. According to the researchers, the attacks were consistent with a campaign by the same hackers who delivered malware to Windows users.
The campaigns closely track one Microsoft disclosed in May. In that case, Microsoft said that Nobelium, the name the company uses for the hackers behind the SolarWinds supply chain attack, had first compromised an account belonging to USAID, the US government agency that administers foreign and development assistance. By controlling the agency's account with the online marketing company Constant Contact, the hackers could send emails that appeared to come from an address known to belong to the US agency.
The federal government has attributed last year's supply chain attack to hackers working for Russia's Foreign Intelligence Service, abbreviated as the SVR. For 10 years or more, the SVR has conducted malware campaigns targeting governments, political think tanks, and other organizations in countries including Germany, Uzbekistan, South Korea, and the United States. Its targets have included the US State Department and the White House in 2014. Other names used to identify the group include APT29, the Dukes, and Cozy Bear.
In an email, Shane Huntley, head of Google's Threat Analysis Group, confirmed the link between the USAID-related attacks and the iOS zero-day, which targeted the WebKit browser engine.
"These are two different campaigns, but based on our visibility, we believe that the actors behind the WebKit zero-day and the USAID campaigns are the same group of…