‘Western Government Operatives’ Behind This Hacking Campaign


Photo: Damien Meyer/AFP (Getty Images)

A sophisticated hacking campaign that was previously witnessed targeting security flaws in Android, Windows and iOS devices is actually the work of “Western government operatives” conducting a “counterterrorism operation,” according to a new report from MIT Technology Review.

The campaign in question, which has garnered more and more attention from media outlets over the last few weeks, was first written about in January by Google’s threat research team Project Zero. At the time, all that was publicly known was that someone had been up to some very tricky business: a “highly sophisticated” group, likely staffed by “teams of experts,” was responsible for targeting numerous zero-day vulnerabilities (the grand total would later turn out to be 11) in various prominent operating systems, researchers wrote.

This hacking campaign, which ended up going on for about nine months, used the so-called “watering hole” method—in which a threat actor injects malicious code into a legitimate website to effectively “booby trap” it (visitors to the site are subsequently served malware, which lets the attacker single out specific targets and escalate the compromise of their devices).

From all of these descriptors, signs naturally pointed to the involvement of some sort of high-level nation-state hackers—though few would’ve guessed that the culprits were, in fact, our friends! Nevertheless, that would appear to be the case. It is unclear which government is actually responsible for the attacks, who its targets were, or what the so-called “counterterrorism” operation behind all of this entailed. MIT Technology Review has not divulged how it obtained this information.

One thing is certain: Google’s discovery and subsequent public disclosure of the exploits (as well as the company’s decision to patch the vulnerabilities) has apparently derailed whatever government operation was occurring. MIT writes that, by going public, the tech company effectively shut down a “live counterterrorism” cyber mission, also adding that it “is not clear whether Google gave advance notice to government officials that they would be publicizing and shutting down”…