Hackers with ties to the Russian government discovered using well-known malware tools

Google Research Threat Analysis Group (TAG) has found evidence that the Russian-backed cybercriminal group APT29 ran iterations of watering hole campaigns using exploits that were “identical or strikingly similar” to exploits developed by notorious spyware companies NSO Group and Intellexa.

TAG discovered that Mongolian government websites were hit by multiple campaigns earlier in 2024 after exploit code was discovered hidden in the sites. The exploits meant that anyone accessing the sites with an iPhone or Android device could potentially have their phone hacked and their data stolen.