Russian Hackers Target Mongolian Governments with Exploits

Google's Threat Analysis Group (TAG) has linked a series of cyberattacks targeting Mongolian government websites to the Russian hacking group APT29, also known as Midnight Blizzard. These attacks, occurring between November 2023 and July 2024, exploited vulnerabilities in Apple Safari and Google Chrome, with exploits similar to those developed by commercial surveillance vendors like Intellexa and NSO Group. Notably, the attacks utilized watering hole tactics to deliver malware through compromised sites, leveraging flaws such as CVE-2023-41993, which has since been patched. Google has urged users to promptly update their software to mitigate risks, as the vulnerabilities were still dangerous for unpatched devices. Most of the affected vulnerabilities were addressed in updates for iOS and Chrome earlier this year, highlighting the importance of maintaining up-to-date software. The findings underscore ongoing concerns about state-sponsored cyber espionage and the reuse of commercial surveillance tools in attacks.