Cybersecurity experts have uncovered a series of attacks on smartphones and computers. It is reported by the Bleeping Computer edition.
Project Zero specialists from Google said that an unknown group carried out a series of attacks on users of gadgets based on Windows, iOS and Android. The two largest campaigns took place in February and October 2020. The total number of victims is not reported, but experts estimate their number in the millions.
The report says the attacks were made possible by so-called zero day vulnerabilities. This is a type of malware or vulnerability in operating systems against which no security algorithms have yet been developed. As a rule, all attacks were aimed at stealing user personal data by transferring it to a malicious site. “An iframe has been embedded on dedicated websites, pointing to one of two exploit servers,” said Project Zero team member Maddie Stone. The number of “zero-day vulnerabilities” used to organize attacks exceeded 11.
In particular, in the winter of 2020, hackers exploited vulnerabilities in the Chrome browser, Windows fonts, and other system components. The attacks organized by hackers in the fall were based on a clipboard overflow error on Android smartphones, errors in iOS, failure and disclosure of iOS kernel data, and hacking of Safari browser fonts.
In the conclusion of the experts, it is said that the use of the listed vulnerabilities testifies to the expert understanding by hackers of the issue of remote hacking of devices.
In mid-March, a group of hackers announced that 150,000 Verkada CCTV cameras had been hacked around the world. Among the victims of cybercriminals were hospitals, police stations, prisons and private companies, such as a Tesla warehouse in Shanghai and the offices of Verkada itself.
