sophisticated hacking operation that targeted owners of both Windows and Android devices ,Google reports. The tech giant spotted this hacking operation in early 2020, as a part of its Project Zero initiative, which is aimed to detect zero-day exploits in the wild.

Discovery details

The attacks were using two exploit servers spreading different exploit chains via Watering hole attack. Both were using exploits as initial remote code execution. While one server targeted Windows, the other targeted Android users. 

  • The exploits of Windows and Chrome included zero-days. However, in the case of Android, the exploit used publicly known n-day exploits. 
  • Based on the threat actor’s sophistication, they are believed to have access to Android zero-days as well, though it was not hosted on the server.

Details of the exploit

  • The exploit servers included four renderer bugs in Google Chrome, one was zero-day at the time of its discovery. 
  • Two sandbox escape exploits utilized three zero-day vulnerabilities in the Windows OS.
  • In addition, a privilege escalation kit was used that consisted of publicly known n-day exploits for older versions of the Android OS.
  • The four zero-days discovered in these chains are CVE-2020-6418, CVE-2020-0938, CVE-2020-1020, and CVE-2020-1027, which were fixed between February to April 2020.

To be noted

The recent attacks were well-engineered and had complex code with a mixture of novel exploitation methods. To avoid any risks from such threats, experts suggest organizations take proactive measures such as regularly patching up software, using reliable anti-malware, deploying a Host Intrusion Protection System (HIPS), and using only essential applications on business devices.