APT29 Hacking Group Exploits Mongolian Websites

Iranian nation-state hacking group APT33 has launched attacks using new Tickler malware against U.S. and UAE oil, gas, and defense sectors, leveraging compromised Microsoft Azure subscriptions for password spraying and subsequent intrusions. Meanwhile, Russian hacking group APT29 has been observed utilizing exploits that closely resemble those created by commercial spyware vendors NSO Group and Intellexa, targeting Mongolian government websites through a series of watering hole attacks between November 2023 and July 2024. Google’s Threat Analysis Group noted that these attacks exploited vulnerabilities in iOS and Android devices, allowing attackers to steal user data even after patches were available. The exploits delivered through these campaigns include an iOS WebKit flaw, CVE-2023-41993, which specifically targeted unpatched devices. These developments highlight the ongoing collaboration and tool-sharing between state-sponsored hackers and commercial spyware entities, raising concerns over cybersecurity vulnerabilities.