Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Google Security Android Windows

Google Reveals Sophisticated Windows and Android Hacking Operation (zdnet.com) 15

Google published a six-part report this week detailing a sophisticated hacking operation that the company detected in early 2020 and which targeted owners of both Android and Windows devices. From a report: The attacks were carried out via two exploit servers delivering different exploit chains via watering hole attacks, Google said. "One server targeted Windows users, the other targeted Android," Project Zero, one of Google's security teams, said in the first of six blog posts. Google said that both exploit servers used Google Chrome vulnerabilities to gain an initial foothold on victim devices. Once an initial entry point was established in the user's browsers, attackers deployed an OS-level exploit to gain more control of the victim's devices. The exploit chains included a combination of both zero-day and n-day vulnerabilities, where zero-day refers to bugs unknown to the software makers, and n-day refers to bugs that have been patched but are still being exploited in the wild.
This discussion has been archived. No new comments can be posted.

Google Reveals Sophisticated Windows and Android Hacking Operation

Comments Filter:
  • by BAReFO0t ( 6240524 ) on Thursday January 14, 2021 @11:16AM (#60943516)

    That would have been the interesting part of this ...

    • by sxpert ( 139117 )

      sounds like a state actor, or their providers like NSO

    • Money. Ransomware is a great business. Russia and the old bloc countries won’t extradite anyone for writing software.

      • by khchung ( 462899 )

        Money. Ransomware is a great business. Russia and the old bloc countries won’t extradite anyone for writing software.

        Put it in another way, Russia and many other countries won't extradite anyone to another country that they do not have an extradition agreement in place.

        Extradition agreement generally is two-ways, if Americans want criminals in Russia be extradite to the US, are Americans prepared to extradite US criminals to Russia? Put up or shut up.

        Another interesting thought experiment. If China continue to get richer, in 20 years we may see American hackers injecting ransomware to Chinese companies to extort money,

    • That sure would be good to know.
      The Google team went into great detail about the vulnerabilities and the details of the exploit chains. Then nothing about what the attackers did after they achieved persistence.

      They also said it was a watering hole attack, but I see no mention of what kind of watering holes - who the targets were.

      Given the level of detail about the exploits, I suspect that the reason there is no mention of the targets and what the bad did with the access is because that was a conscious deci

  • Thanks for being a friend And letting us know a year after the fact.

  • by Joe_Dragon ( 2206452 ) on Thursday January 14, 2021 @11:33AM (#60943608)

    Chrome is the new IE in the bad ways!

    • Re: (Score:2, Flamebait)

      by thegarbz ( 1787294 )

      Horseshit. The bad ways of IE had nothing to do with easily patched coding bugs. IE's security structure didn't exist and it employed a extension set which was actively insecure by design. Chrome is pretty much the opposite.

      Chrome is the new IE in the way every software is the new IE, not in the "bad ways" but rather in the completely expected ways: it has bugs. If you want to pretend that there's any software out there which doesn't then you have no business commenting on security.

  • by smooth wombat ( 796938 ) on Thursday January 14, 2021 @12:23PM (#60943910) Journal

    Not to use the spyware known as Google Chrome. With all its data siphoning, too many vectors exist which allow things like this to happen.

  • by stebbo ( 757730 ) <stevenj&channel-e,co,uk> on Thursday January 14, 2021 @01:44PM (#60944444) Homepage

No spitting on the Bus! Thank you, The Mgt.

Working...