Google analysts have presented evidence that spies working for the Kremlin have used exploits identical or strikingly similar to those sold by commercial surveillance vendors like Intellexa and NSO Group.
APT29 has been observed utilizing exploits first sold as zero-days by commercial vendors, turning them into n-days after patches were released. This indicates a direct link with commercial spyware.
The use of exploits by APT29 raises serious concerns regarding the safety and accountability of commercial surveillance vendors, highlighting how their tools can fall into the wrong hands.
In each instance of the watering hole attacks, attackers employed exploits that were found to be nearly identical to those from known commercial surveillance providers.
Collection
[
|
...
]