Russian hackers are using the cyber arsenal of Western spy companies to attack governments

30 August 2024 | Author: Newsman

The Russian hacking group Cozy Bear, also known as APT29, is using exploits and code developed by Western cyber surveillance companies such as Intellexa and NSO Group to attack government networks, according to Google's Threat Analysis Group (TAG).

Cozy Bear, a threat group that operates with the support of the Russian government, used exploits developed by commercial cyber surveillance companies to attack government sites in Mongolia. In November 2023, Cozy Bear attacked Mongolian government websites using the same exploit previously used by Intellexa. In February 2024, the attack was repeated, and in July 2024, the Russian hackers used another exploit inspired by the activities of NSO Group.

The hackers modified the code to add a crash mode that sends information to the command-and-control server in case of an error and tries to cause the victim’s browser to crash. These attacks demonstrate how zero-days and exploits developed by commercial spyware vendors can be used by malicious actors such as APT29 to launch cyberattacks.

Google TAG urges users and organizations to immediately apply patches and keep their applications up-to-date to prevent such attacks.
