Two of Google’s anti-hacking teams uncovered and unilaterally took down a malware distribution operation that was being run by an undisclosed US ally, according to a report last Friday in MIT Technology Review.
The report, written by the publication’s cybersecurity senior editor Patrick Howell O’Neill, says that the Google teams—Project Zero and Threat Analysis Group—“caught an unexpectedly big fish recently: an ‘expert’ hacking group exploiting 11 powerful vulnerabilities to compromise devices running iOS, Android, and Windows.”
O’Neill also wrote that MIT Tech Review “has learned that the hackers in question were actually Western government operatives actively conducting a counterterrorism operation” and that Google’s decision to shut down and publicly expose the hack caused internal divisions and “raised questions inside the intelligence communities of the United States and its allies.”
Google’s Project Zero specializes in finding what cybersecurity experts call zero-day vulnerabilities, i.e., flaws in software that developers are aware of but have not yet been able to fix. These unintended weaknesses are called zero-day because cybercriminals and hackers can exploit them while developers have had “zero days” to patch the software.
According to Google’s website, the Threat Analysis Group is responsible for countering targeted and government-backed hacking against the company’s products and users. Many of TAG’s previous actions have been taken against “influence operations” reported to have government backing from North Korea, Russia or China, for example.
The hacks in question were discovered by Google’s teams as far back as February 2020 and were reported on in a blog post published by Project Zero on March 18. The post, entitled “In-the-Wild Series: October 2020 0-day discovery,” detailed seven instances of zero-day exploits within Apple, Google and Samsung browsers running on the iOS, Windows and Android operating systems.