Russian Hackers Exploit Safari and Chrome Vulnerabilities in Major Cyberattack
Cybersecurity researchers have identified several active exploit campaigns that targeted Apple Safari and Google Chrome browsers, using now-patched vulnerabilities to infect mobile devices with information-stealing malware.
“These campaigns utilized n-day exploits, which, while patched, remain effective on unpatched devices,” said Clement Lecigne, a researcher from Google’s Threat Analysis Group (TAG), in a report shared with The Hacker News.
The activity, recorded between November 2023 and July 2024, is particularly noteworthy for deploying exploits via a watering hole attack on Mongolian government websites, including cabinet.gov[.]mn and mfa.gov[.]mn.
The intrusion has been tentatively attributed to a Russian state-sponsored threat actor known as APT29 (also called Midnight Blizzard). The tactics used in these campaigns bear similarities to those associated with commercial surveillance vendors Intellexa and NSO Group, suggesting potential exploit reuse.
The vulnerabilities at the center of the campaigns are listed below: