silversurfer
Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
- Aug 17, 2014
- 10,143
Project Zero, Google's 0day bug-hunting team, revealed a hacking campaign coordinated by "a highly sophisticated actor" and targeting Windows and Android users with zero-day and n-day exploits.
The Project Zero team, in collaboration with the Google Threat Analysis Group (TAG), discovered a watering hole attack using two exploit servers in early 2020, each of them using separate exploit chains to compromise potential targets.
"These exploit chains are designed for efficiency & flexibility through their modularity," Project Zero said after analyzing them for several months.
"They are well-engineered, complex code with a variety of novel exploitation methods, mature logging, sophisticated and calculated post-exploitation techniques, and high volumes of anti-analysis and targeting checks. We believe that teams of experts have designed and developed these exploit chains."
Project Zero researchers were able to collect a trove of information from the two exploit servers including:
- Renderer exploits for four bugs in Chrome, one of which was still a 0-day at the time of the discovery.
- Two sandbox escape exploits abusing three 0-day vulnerabilities in Windows.
- A “privilege escalation kit” composed of publicly known n-day exploits for older versions of Android.
Google discloses hacking campaign targeting Windows, Android users
Project Zero, Google's 0day bug-hunting team, revealed a hacking campaign coordinated by "a highly sophisticated actor" and targeting Windows and Android users with zero-day and n-day exploits.
www.bleepingcomputer.com