Russian hackers are using iOS and Chrome flaws to steal data

Recent reports reveal that Russian hackers are using serious flaws in iOS and Chrome to steal sensitive user data. The notorious APT29 group, also known as “Midnight Blizzard,” has been exploiting vulnerabilities found in both iOS and Chrome browsers to target unsuspecting users. The scary part? These tactics are nearly identical to those used by commercial spyware vendors like NSO Group and Intellexa. Let’s dive into why these attacks are so dangerous and what you can do to protect your data.

Who Are APT29, and What Are They Doing?

APT29, a state-sponsored Russian hacking group, has been leveraging flaws in iOS and Chrome browsers to carry out cyberattacks between November 2023 and July 2024. They’ve been using known exploits that affect iOS versions older than 16.6.1 and Chrome on Android versions from m121 to m123. Hackers continue to target users who haven’t updated their devices, even though patches for these flaws are already available.

The hackers primarily targeted websites belonging to the Mongolian government, employing a sneaky cyberattack method known as “watering hole” tactics. Hackers compromise legitimate websites with malicious code during these attacks, delivering harmful payloads to visitors meeting specific criteria. In this case, the criteria were vulnerable iOS and Android devices.
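As an added illustration that is not part of the original report, the following Python snippet shows how a site operator could check their own access logs for visitors still inside the vulnerable ranges named above (iOS older than 16.6.1, Chrome for Android m121 to m123), which is the population a watering hole on that site would have been able to reach. The log lines and IP addresses are constructed for the example, and the User-Agent parsing is this example's own assumption, not something the report describes.

```python
import re
from typing import Iterable, Iterator, Optional, Tuple

# Vulnerable ranges stated in the report: iOS older than 16.6.1, Chrome for Android m121-m123.
IOS_PATCHED = (16, 6, 1)
CHROME_ANDROID_VULN = range(121, 124)

IOS_RE = re.compile(r"CPU (?:iPhone )?OS (\d+)_(\d+)(?:_(\d+))?")
CHROME_ANDROID_RE = re.compile(r"Android.*?Chrome/(\d+)\.")
# Combined Log Format: client IP first, User-Agent as the last quoted field.
LOG_RE = re.compile(r'^(\S+) .* "([^"]*)"$')

# Constructed sample log lines (not real traffic); IPs are documentation addresses.
SAMPLE_LOG = [
    '203.0.113.10 - - [01/Jul/2024:10:00:00 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 16_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1"',
    '203.0.113.11 - - [01/Jul/2024:10:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 17_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Mobile/15E148 Safari/604.1"',
    '203.0.113.12 - - [01/Jul/2024:10:00:02 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Linux; Android 13; Pixel 7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.90 Mobile Safari/537.36"',
    '203.0.113.13 - - [01/Jul/2024:10:00:03 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Linux; Android 14; Pixel 8) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.6367.82 Mobile Safari/537.36"',
]


def ios_version(user_agent: str) -> Optional[Tuple[int, int, int]]:
    """(major, minor, patch) parsed from an iOS/iPadOS User-Agent, or None."""
    m = IOS_RE.search(user_agent)
    if not m:
        return None
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def chrome_android_milestone(user_agent: str) -> Optional[int]:
    """Chrome for Android major version (milestone), or None for other browsers."""
    m = CHROME_ANDROID_RE.search(user_agent)
    return int(m.group(1)) if m else None


def exposure(user_agent: str) -> Optional[str]:
    """'ios-webkit', 'chrome-android' or None. Every iOS browser (Safari, Chrome
    for iOS, ...) is judged by the iOS version because all of them use WebKit."""
    ios = ios_version(user_agent)
    if ios is not None:
        return "ios-webkit" if ios < IOS_PATCHED else None
    if chrome_android_milestone(user_agent) in CHROME_ANDROID_VULN:
        return "chrome-android"
    return None


def scan_access_log(lines: Iterable[str]) -> Iterator[Tuple[str, str]]:
    """Yield (client_ip, exposure) for each log line whose visitor is flagged."""
    for line in lines:
        m = LOG_RE.match(line.rstrip())
        if m and (hit := exposure(m.group(2))):
            yield m.group(1), hit
```

Running `list(scan_access_log(SAMPLE_LOG))` flags only the iOS 16.5 and Chrome 122 visitors; patched iOS 17.5 and Chrome 124 are passed over.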

Why Are These Attacks So Dangerous?

Google’s Threat Analysis Group (TAG) has been closely monitoring APT29’s activities, noting their long history of exploiting zero-day and n-day vulnerabilities. They’ve been particularly adept at using iOS WebKit flaws to steal browser cookies from iPhone users. For instance, they exploited a vulnerability, CVE-2023-41993, which was previously used as a zero-day by the commercial spyware vendor Intellexa.

Similarly, APT29 used Chrome exploits to attack Android users, stealing sensitive information such as cookies, passwords, and other data stored in Chrome browsers. These hacks are not just sophisticated; they’re specifically tailored to extract highly personal information from your device, making them incredibly dangerous.

What Can You Do to Protect Your Data?

The good news is that patches for these vulnerabilities have been released. However, they only work if you’ve installed them. Here’s what you can do to keep your data safe:

  • Update Your Devices Regularly: Make sure your iPhone or Android device is updated to the latest version. These updates contain essential security patches that protect against the vulnerabilities exploited by hackers.
  • Use Strong Passwords and Change Them Often: Always use complex passwords for your accounts, and consider changing them periodically to further protect your information.
  • Be Wary of Suspicious Links and Websites: Avoid clicking on unknown links or visiting suspicious websites, as they can be compromised and serve as a gateway for these exploits.
  • Enable Two-Factor Authentication (2FA): Adding an extra layer of security to your accounts can significantly reduce the risk of unauthorized access, even if your passwords are compromised.

FAQs

1. Who are APT29, and why are they targeting iOS and Chrome?
The Russian hacking group APT29, also known as “Midnight Blizzard,” targets iOS and Chrome browsers, stealing sensitive data.

2. How can I protect my data from these hacks?
The best way to protect your data is by regularly updating your devices, using strong passwords, avoiding suspicious websites, and enabling two-factor authentication.

3. What are “watering hole” attacks?
Watering hole attacks involve compromising legitimate websites with malicious code designed to target specific visitors, such as those using outdated software.

4. Why should I be concerned if my device is running an outdated version?
Outdated versions of iOS and Chrome are vulnerable to these sophisticated exploits, putting your personal information, like cookies and passwords, at risk.