Google warns millions of Chrome and Safari users after Russian cyberattack
Google is advising users to 'apply patches quickly' and 'keep software fully up-to-date' following the revelation of a nine-month-long cyberattack attributed to Russian spies.
The cyberattack used commercial 'spyware' from Intellexa, a Greek cyber intelligence firm based in Cyprus that the US government sanctioned in March for 'misuse of surveillance tools.'
The spyware from Intellexa has been linked to attacks in various countries, including Ireland, Vietnam, and the United States.
Fortunately, most of the vulnerabilities exploited by this attack have been addressed for users who installed essential updates to Apple iOS and its Safari browser, as well as Google Chrome.
Google's Threat Analysis Group reported that vulnerabilities affecting iPhone or iPad users were fixed in September 2023 with updates to Apple iOS 16.7 and Safari 16.6.1. For Android users and those using Google Chrome, the issues were resolved by May 2024 with Chrome version 124.0.6367.201/.202 for Windows and macOS, and version 124.0.6367.201 for Linux.
“We notified both Apple and our partners at Android and Google Chrome about the campaigns at the time of discovery,” Google security engineer Clément Lecigne said.
Lecigne, based in Switzerland, also mentioned that Google's analysis linked these hacking campaigns, with 'moderate confidence,' to the Russian government-backed group APT29.
APT29, also known as Cozy Bear or Group 100, is believed by Western intelligence to be a hacking team associated with Russia's foreign spy agency, SVR. Evidence of APT29’s activities included payloads found on Mongolian government websites, indicating espionage motives.
“We also notified the Mongolian CERT [Cybersecurity Emergency Response Teams] to remediate the infected websites,” Lecigne noted in his report.
Google's cybersecurity experts also warned that such attacks might become more common, potentially replicated by other sophisticated groups using the same spyware tools.