2021-01-15

Last Tuesday (12), Google published a report on a major hacking operation that targeted Android and Windows users. Published in six parts, the report describes how the cybercriminals used two servers to carry out watering hole attacks, in which the attackers seek control of the devices on a network in order to deliver phishing scams or malicious downloads.

The coordinated action used sophisticated methods to study the browsing behavior of users of Android and Windows devices. With the support of the servers, the criminals used zero-day flaws in Google Chrome as the entry point, gaining access to the user's internet traffic and then exploiting remote access to the affected device.

Not only unpatched vulnerabilities were exploited. According to the document, the cybercriminals also took advantage of users' negligence with updates to exploit flaws that had already been fixed, demonstrating forethought in this sophisticated operation.

Of the bugs, four were in the Google Chrome renderer, one of them a zero-day; two were sandbox-escape exploits that leveraged three zero-day vulnerabilities in Windows; and a further set abused vulnerabilities in older versions of the Android operating system. All of them were found on the servers, as described in the Google document.

A dangerous group

The researchers responsible for the report are concerned about the cybercriminals' next actions. This event demonstrated that the group has an excellent planning capacity, exploiting common user habits as well as vulnerabilities not yet discovered.

So far, Google believes the action was designed by security experts. "These are complex codes, designed with a variety of new exploitation methods," they comment in the report. "(The codes) have mature extraction, sophisticated post-exploitation techniques and high volumes of anti-analysis and targeting checks," they added.

The number of victims of the attacks was not revealed, so there is no information on the number of targets, how many devices were hit or what the consequences of the intrusion were. The full report was published on the Google Project Zero blog.