Russian government-backed cybercriminals launch hacking campaigns that exploit vulnerabilities in Windows and iOS

Jul 15, 2021 17:36 GMT  ·  By

Google security researchers have uncovered a hacking campaign that most likely originated with Russian state-backed attackers and targeted government officials in several European countries.

A new investigation by Google shows that some of the spam that lands in LinkedIn inboxes can be far more dangerous than it looks. Hackers with possible connections to the Russian government sent fraudulent LinkedIn messages to officials in several European countries; the messages carried links to pages that attempted to exploit vulnerabilities in Windows and iOS.

It is not yet known how many LinkedIn users were targeted or how many of them were ultimately compromised. Google assesses that the group behind the campaign is most likely backed by the Russian government.

The findings were disclosed on Wednesday by Google's Threat Analysis Group (TAG), which described several recent campaigns that made use of zero-day vulnerabilities. One of them exploited a flaw in WebKit, the browser engine behind Safari and, because Apple requires it, every browser on iOS. Apple fixed that vulnerability (CVE-2021-1879) on March 26.

The hacking campaign exploited vulnerabilities in both Windows and iOS

A May report titled “WebKit Vulnerabilities By the Numbers” noted that this year has been a particularly bad one for WebKit bugs found and exploited in the wild.

To reach iOS devices, the attackers lured targets to a website they controlled; when a victim opened it in a browser on a vulnerable iPhone, the page triggered the WebKit exploit. According to Google, the attack was built by Russian hackers with the goal of stealing authentication cookies for services such as LinkedIn, Microsoft, Google, Yahoo, and Facebook. A stolen session cookie lets an attacker act as the logged-in user without ever needing the password or a second factor, which is why such cookies are a prized target.

Shane Huntley, the director of Google TAG, the group that did the research, told Motherboard by email that the team “don't have visibility into the success rates”, adding: “each month, we send more than 4,000 warnings to our users about attempts by government-backed attackers or other illicit actors to infiltrate their accounts”.