Russian Hackers Hijack Spyware Tricks: Exploits Unleashed on Mongolia

Russian state-sponsored APT29, aka “Midnight Blizzard,” was caught using iOS and Android exploits from commercial spyware vendors like NSO Group. Despite patches, these n-day flaws still affect outdated devices. APT29’s techniques included compromising Mongolian government websites to steal cookies and sensitive data.

Hot Take:

When Russian hackers start moonlighting as spyware salesmen, you know the cyber world’s gone full James Bond. Just pray your iPhone isn’t the next target in this international cat-and-mouse game!

Key Points:

  • APT29, aka “Midnight Blizzard,” mimicked commercial spyware vendors in cyberattacks from November 2023 to July 2024.
  • The attacks targeted Mongolian government websites using known iOS and Android exploits that still worked against unpatched devices.
  • Watering hole tactics were employed to deliver malicious payloads to specific visitors.
  • The exploits were nearly identical to those used by NSO Group and Intellexa.
  • How APT29 obtained these exploits remains a mystery, with theories ranging from hacking to bribery.
