Google revealed an espionage campaign targeting Mongolian government websites, which is believed to have been carried out by Russia-supported hackers, as reported by The Record. The hackers aimed to extract browser cookies from infected devices. Google notified the Mongolian Cybersecurity Bureau, as well as Apple, Google, and Android, about the identified threat.
Security researchers have identified a cyberattack that is unique in its use of exploits previously employed by commercial surveillance providers Intellexa and NSO Group.
A Google representative informed the publication that researchers first detected the use of these exploits by suspected members of the Russian hacker group known as APT29. However, it remains unknown how these exploits came into the hackers' hands and whether Intellexa or NSO Group deliberately sold them to the Russian government.
During this campaign, which lasted from November 2023 to July 2024, the attackers employed "watering hole" tactics—compromising popular websites frequently visited by their target users. They injected malicious code into the websites of the Mongolian Ministry of Foreign Affairs and the Cabinet of Ministers.
The attack initially targeted iPhone users, later adding versions for Android and Chrome. Although patches were released for all vulnerabilities, the attack could still have been successful against those who did not update their devices.