Creation Center
  1. chief security officerHome
  2. intelligence gathering

Google security report reveals more than 60 0day used for commercial spyware

chief security officer intelligence gathering 1058 views

More than 60 zero-day vulnerabilities (0day) that have been made public since 2016 are associated with commercial spyware vendors for government agencies, and vulnerabilities exist in products from a number of companies, including Apple, Adobe, Google, and others, where they have been used for attack purposes including targeting journalists and political dissidents. The report notes that a large number of vulnerabilities are actively exploited in 2023.

Report disclosure

In the security report, Google reveals more than 60 disclosures since 2016 against Apple, Adobe, Google, Microsoft and Mozilla productszero-day exploitFor commercial usespywareRelated to multiple commercial spyware service providers.

spyware vendor

The security report provides an in-depth analysis of the operations of spyware service providers that help the government install spyware on devices. These commercialSpyware vendorsClaiming that their products and services are used only for legitimate surveillance, usually for law enforcement purposes, numerous investigations have shown that they are used against political opponents, journalists, dissidents and human rights defenders.

Commercial spyware vendors are prepared to pay millions of dollars for exploits that give them complete control over devices, especially phones running Android and iOS, but these companies also make millions of dollars from individual customers. In addition to the spyware itself, customers get an initial delivery mechanism and the required exploit programs, command and control infrastructure, and tools for organizing the data stolen from compromised devices.

Google's Threat Analysis Group (TAG) currently tracks approximately 40 commercial spyware vendors that develop and sell exploits and malware to the government.

In its latest report, Google lists 11 of those vendors, including Candiru, Cy4Gate, DSIRF, Intellexa, Negg, NSO Group, PARS Defense, QuaDream, RCS Lab, Variston and Wintego Systems.

The company attributes more than 60 unique Android, Chrome, iOS/macOS, WhatsApp and Firefox zero-day vulnerabilities discovered since 2016. The list does not include known (NDAY) security vulnerabilities that spyware vendors have been observed to exploit.

Of the 25 exploited vulnerabilities discovered by TAG in 2023, 20 were exploited by spyware vendors. Additionally, 35 of the 72 zero-day vulnerabilities exploited in Google products since mid-2014 were exploited by these companies.

The security report states that these are only the vulnerabilities that have been discovered. The actual number of exploited vulnerabilities may be higher because there are still vulnerabilities that have not yet been detected or have not yet been linked to spyware vendors.

Financial perspective

Spyware vendors are willing to pay millions of dollars for access to vulnerabilities that enable complete control of devices. They are also able to generate high revenues from individual customers, offering services that include delivery mechanisms, exploits, command-and-control infrastructure, and tools to steal data.

Report Tracking Vendors

Google's Threat Analysis Group (TAG) is tracking about 40 vendors that develop and sell spying tools for government customers.

Google mentions several spyware vendors in its report, including Candiru, Cy4Gate, DSIRF, Intellexa, Negg, NSO Group, PARS Defense, QuaDream, RCS Lab, Variston and Wintego Systems.

Attribution of vulnerabilities

More than 60 unique zero-day vulnerabilities discovered since 2016 have been identified as being related to the above vendors.

2023 Review

In 2023, 20 of the 25 zero-day vulnerabilities discovered by TAG are believed to be exploited by spyware vendors. Since mid-2014, 35 of the 72 zero-day vulnerabilities targeting Google products have involved these companies.

typical case

For example, the iOS zero-day vulnerabilities CVE-2023-28205 and CVE-2023-28206, for which Apple hastily released patches in April 2023, and CVE-2023-32409, for which a patch was released in May, have been exploited by Spanish company Variston. Exploitation of Android vulnerability CVE-2023-33063 is now also linked to the same spyware vendor.

Apple recently warned that two iOS vulnerabilities, CVE-2023-42916 and CVE-2023-42917, have been exploited by Turkish company PARS Defense.

Chrome vulnerabilities CVE-2023-2033 and CVE-2023-2136, which were fixed by Google in April, and CVE-2023-3079, which was resolved in June, are attributed to Intellexa.

CVE-2023-7024 is the eighth zero-day vulnerability in Chrome to be fixed in 2023 and is now attributed to the NSO Group.

Google warned in September when it fixed CVE-2023-5217 that the Chrome vulnerability had been exploited by a spyware vendor, but did not name the company. The new report suggests that the spyware vendor is Israel-based Candiru.

CVE-2023-4211, CVE-2023-33106, and CVE-2023-33107 Android vulnerabilities are believed to be the work of Italian company Cy4Gate.

security patch

When Google and Apple patch zero-day vulnerabilities, they inform customers in their bulletins that they are being exploited, but do not provide any information about the attack or the attacker. Google's latest report links several of these zero-day vulnerabilities to specific spyware vendors for the first time.

 

Original article by Chief Security Officer, if reproduced, please credit https://www.cncso.com/en/spyware-vendors-linked-to-zero-day-exploits.html

Like (0)
0 0

About the author

chief security officer

chief security officer

92 posts
4 comments
2 followers
Chief Security Officer (cncso.com)
Previous February 5, 2024 at 7:29 pm
Next February 10, 2024 at 7:43 pm

related suggestion