Google is warning this week of a major hacking operation that is targeting users on its own Android devices and on hardware running Microsoft's Windows platform. According to the company, threat actors initiated the attacks in early 2020 through two exploit servers.
Hackers were able to use vulnerabilities to deliver exploit chains in the form of watering hole attacks. This is a form of attack where the bad actor will monitor which sites and services a victim regularly uses and then attempt to infect one of them.
When the victim visits a regular website that is now infected, they too can be compromised by malware.
Google Project Zero points out that one server was targeting Windows and the other was targeting Android. Both exploit servers took advantage of vulnerabilities in the Google Chrome web browser. Project Zero charted the exploits in a six-post blog series this week.
Once an attacker infected a victim device, the browser would deploy OS-level exploits allowing the threat actor to gain more access and control. Google says the attack was achieved through a combination of zero-day and n-day exploits.
Most people are familiar with zero-days, exploits that are previously unknown to developers. However, n-days are a little more obscure to the public. These are bugs that a company has previously patched but that still have active exploits in the wild.
Google says the pair of exploit servers included the following:
- Four “renderer” bugs in Google Chrome.
- A pair of sandbox escape exploits.
- A “privilege escalation kit”.
Included in those bugs were four zero-days for Windows. All bugs were patched early in 2020.
- CVE-2020-6418 – Chrome Vulnerability in TurboFan
- CVE-2020-0938 – Font Vulnerability on Windows
- CVE-2020-1020 – Font Vulnerability on Windows
- CVE-2020-1027 – Windows CSRSS Vulnerability
Project Zero says the bugs were sophisticated and capable of causing a lot of problems for infected devices:
“They are well-engineered, complex code with a variety of novel exploitation methods, mature logging, sophisticated and calculated post-exploitation techniques, and high volumes of anti-analysis and targeting checks,” Google said.