Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Ellen Jennings-Trace

Hackers linked to Russian government found using some very familiar malware tools

Hacker targeting a PC.

Research from Google’s Threat Analysis Group (TAG) has found evidence Russian-backed threat actor APT29 used iterations of watering hole campaigns which were ‘identical or strikingly similar’ to exploits developed by notorious spyware companies NSO Group and Intellexa.

TAG found Mongolian government websites were hit by multiple campaigns earlier in 2024 after discovering hidden exploit codes embedded in the sites. The exploits meant anyone who used the sites using an iPhone or Android device may have had their phone hacked and data stolen.

APT29 is well-known for its links to Russia’s Foreign Intelligence Service and notable attacks on high-ranking western targets, such as US and German Government officials, as well as SolarWinds and Microsoft.

All patched up

The exploit code used in the attacks targeting iPhones shared the “exact same trigger as the exploit used by Intellexa,”, whilst the Android version used a “very similar trigger” to a code developed by NSO Group, TAG said. A patch was available for the exploits, but the attack was still effective against unpatched devices.

It’s unclear how the hackers obtained the copy of the exploit, but it could have been bought from the companies directly or stolen. TAG's research does not indicate APT29 recreated the exploits organically, but rather somehow managed to get a hold of the spyware maker’s program.

The US government recently sanctioned the Intellexa consortium for developing and selling spyware Predator, which was used to target US government officials and journalists, and the NSO Group for its development of the Pegasus surveillance tool.

Earlier in 2024, Poland launched an investigation into the use of the Israeli-developed Pegasus spyware against opposition political figures by the previous administration.

Google recommends users and organizations apply patches quickly and keep software fully up-to-date to protect against this type of attack. We’ve listed the best malware removal tools to help you stay protected.

More from TechRadar Pro

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.