Google’s Project Zero security researchers have teamed up with Google’s Threat Analysis Group (TAG) to find even more security holes. The first result of this association is the discovery of a sophisticated hacking operation that took place in the first quarter of 2020, but had not been detected until now.
This attack in watering hole (a site visited on a regular basis by a target is trapped) was using two servers as shown in the diagram below (click to enlarge):
It targeted Google and Android systems by exploiting several security holes, in particular one located in the rendering engine of the Chrome browser. The first server was dedicated to the Windows attack while the second managed the Android attack.
Fortunately, the zero-day vulnerabilities used were removed by publishers in updates that took place in February for the chrome browser and in April for the Windows system. Hackers also exploited old loopholes that were present in older versions of Android, but which have been discovered and fixed.
The Project Zero team has published the results of their research in detail on their blog. For researchers, these attacks have been developed by experts and their modular concept provides them with efficiency and flexibility.
Source : Google
*The article has been translated based on the content of Sécurité – 01net by www.01net.com. If there is any problem regarding the content, copyright, please leave a report below the article. We will try to process as quickly as possible to protect the rights of the author. Thank you very much!
*We just want readers to access information more quickly and easily with other multilingual content, instead of information only available in a certain language.
*We always respect the copyright of the content of the author and always include the original link of the source article.If the author disagrees, just leave the report below the article, the article will be edited or deleted at the request of the author. Thanks very much! Best regards!