
Google reveals sophisticated attack on Windows and Android users

Google published a report describing in detail a complex hacking campaign that it identified in early 2020 and that targeted both Windows and Android users.


According to the company, the attacks were carried out through two exploit servers, which delivered different exploit chains via watering hole attacks (in which attackers infect with malware the sites that a company uses the most).

"One server was targeting Windows users and the other Android," said Google's security team, Project Zero.

The researchers said both exploit servers used Google Chrome vulnerabilities to gain initial access to the victims' devices. After the initial entry into the users' browsers, the attackers used an OS-level exploit to gain more control over the victims' devices.

The exploit chains included a combination of zero-day (unknown vulnerabilities) and n-day (vulnerabilities for which a patch exists but which hackers continue to exploit) vulnerabilities.

Google said the exploit servers contained:

  • Four "renderer" bugs in Google Chrome (one of which was a zero-day when it was discovered).
  • Two sandbox escape exploits exploiting three zero-day vulnerabilities in the Windows operating system.
  • One "privilege escalation kit", which consisted of well-known n-day exploits for older versions of Android.

Here are the four zero-day vulnerabilities used:

  • CVE-2020-6418: Chrome vulnerability in TurboFan (fixed in February 2020)
  • CVE-2020-0938: Vulnerability in Windows (fixed in April 2020)
  • CVE-2020-1020: Vulnerability in Windows (fixed in April 2020)
  • CVE-2020-1027: Windows CSRSS vulnerability (fixed in April 2020)

Google said the researchers did not find evidence of Android zero-day exploits hosted on the exploit servers. However, it believes the attackers probably also had access to Android zero-days, but that these were probably not hosted there when the campaign was discovered.


Google: Exploit chains were sophisticated and well designed

Google described the exploit chains as "designed for efficiency and flexibility".

"It is well-designed, complex code with a variety of innovative exploitation methods, sophisticated and calculated post-exploitation techniques and large numbers of controls to be detected," said Google.

Google also published reports detailing a Chrome "infinity bug" used in the attacks, the Chrome exploit chains, the Android exploit chains, the post-exploitation steps on Android devices, and the Windows exploit chains.

This information can help other security companies identify similar attacks against their customers.

Source: ZDNet

Digital fortress