Russian hackers attack LinkedIn users through 0-day vulnerability in Safari

Google has unveiled attacks using four zero-day vulnerabilities.

Security researchers at Google have provided additional information on four zero-day vulnerabilities in Google Chrome, Internet Explorer and WebKit (Apple’s Safari browser engine) exploited in hacker attacks and fixed earlier this year.

These are the following vulnerabilities:

CVE-2021-21166 – Audio object lifecycle issue in Chrome.

CVE-2021-30551 – mismatch of input data types in V8 in Chrome;

CVE-2021-33742 – Out of bounds write to MSHTML in Internet Explorer.

CVE-2021-1879 – Memory usage after free in QuickTimePluginReplacement in WebKit (Safari).

According to Shane Huntley, head of the Google Threat Analysis Group, the experts linked the attacks with the exploitation of three vulnerabilities with a provider of commercial hacking tools, whose services are used by special services, and another vulnerability with an APT group, presumably Russian.

Post by @_clem1 & @maddiestone on 4 0days TAG found this year (with IOCs!).

We tie three to a commercial surveillance vendor arming govt backed attackers and one to likely Russian APT.

Also thoughts on why we are seeing so many 0day in 2021.https://t.co/LGQjEYs3gH https://t.co/Ap9dEq98Cy

— Shane Huntley (@ShaneHuntley) July 14, 2021

According to Huntley, in the first half of this year, attackers used 33 zero-day vulnerabilities in attacks that were publicly disclosed, 11 more than last year.

Exploits for vulnerabilities in Google Chrome and Internet Explorer were developed by the same vendor of commercial tracking tools that sold them to law enforcement agencies. These exploits were not used in large-scale malicious campaigns, which is not the case for the vulnerability in WebKit, which was exploited in attacks on high-ranking officials in Western European countries. In a malicious campaign targeting iOS devices with outdated versions of iOS (12.4 to 13.7), attackers sent malicious links to victims in LinkedIn messages.

The ultimate goal of the attackers was to collect cookies for authorization on several popular sites, including Google, Microsoft, LinkedIn, Facebook and Yahoo, and transfer them via WebSocket to IP addresses controlled by the hackers.

While Google does not associate the attacks with any particular group, according to Microsoft, the responsibility for them lies with Nobelium, which is famous for its attack on SolarWinds.

Catch up on more stories here

Follow us on Facebook here