Sophisticated hacker targeted Android, Windows users: Google


New Delhi, Jan 13 (IANS): A highly sophisticated hacker targeted owners of Android and Windows devices in the first quarter of 2020, carrying out hacking via "watering hole" attacks, Google has revealed.

One server targeted Windows users while the other targeted Android, said Project Zero, one of Google's security teams that has recently launched its own initiative aimed at researching new ways to detect Zero-Day exploits in the wild.

"We discovered two exploit servers delivering different exploit chains via watering hole attacks," Google said in an update on Tuesday.

"Both the Windows and the Android servers used Chrome exploits for the initial remote code execution. The exploits for Chrome and Windows included 0-days".

Based on the actor's sophistication, Google think it's likely that they had access to Android 0-days, but it didn't discover any in its analysis.

A watering hole attack is where an attacker observes which websites an organisation or people often use and infects one or more of them with malware.

"We hope that by sharing this information publicly, we are continuing to close the knowledge gap between private exploitation (what well resourced exploitation teams are doing in the real world) and what is publicly known," Google said.

Overall, Google described the exploit chains as "designed for efficiency & flexibility through their modularity."

"They are well-engineered, complex code with a variety of novel exploitation methods, mature logging, sophisticated and calculated post-exploitation techniques, and high volumes of anti-analysis and targeting checks," the company elaborated.

"We believe that teams of experts have designed and developed these exploit chains."

  

Top Stories


Leave a Comment

Title: Sophisticated hacker targeted Android, Windows users: Google



You have 2000 characters left.

Disclaimer:

Please write your correct name and email address. Kindly do not post any personal, abusive, defamatory, infringing, obscene, indecent, discriminatory or unlawful or similar comments. Daijiworld.com will not be responsible for any defamatory message posted under this article.

Please note that sending false messages to insult, defame, intimidate, mislead or deceive people or to intentionally cause public disorder is punishable under law. It is obligatory on Daijiworld to provide the IP address and other details of senders of such comments, to the authority concerned upon request.

Hence, sending offensive comments using daijiworld will be purely at your own risk, and in no way will Daijiworld.com be held responsible.