Hackers exploit Windows and Android zero-day vulnerabilities in complex cybercriminal campaign

Experts from Project Zero, Google’s main research team, discovered a sophisticated hacking campaign targeting users of Windows and Android systems. For the launch of an initiative dedicated to designing zero-day vulnerability detection techniques, experts discovered a complex hacking campaign deployed during the first months of 2020.

The attacks were specifically targeted at Android and Windows users, exploiting multiple vulnerabilities present in these systems and which in turn were chained to other faults in the Chrome browser: “We detected two servers that offer different chains of exploits through a variant known as ‘watering hole attack’. One server attacked Windows users, while the other was targeted at Android systems,” the specialists mention.

This is an attack variant in which malicious hackers inject malware into third-party websites widely used by individuals and organizations, infecting them indirectly. These attacks are highly effective, as infection from a single third-party site can compromise dozens or even hundreds of organizations.

As mentioned above, both exploit servers used vulnerabilities in Chrome for the initial execution of malicious code. The operators of this campaign used zero-day vulnerabilities in Windows and Chrome, while Android attacks exploited known flaws, however, attackers are not ruled out to have zero-day exploits for the mobile operating system.

According to the experts, the following codes were found on exploit servers:

  • A renderer that exploits four vulnerabilities in Chrome (including a zero-day flaw)
  • Two sandbox bypassing exploits for the affected systems. These exploits abused three zero-day vulnerabilities in Windows
  • A privilege escalation kit, consisting of a number of known exploits present in some earlier versions of Android

Project Zero highlights the sophistication of this campaign, as operators seem to have all the inputs needed to deploy these complex attacks: “Attackers employ complex and well-designed code, as well as employing a wide variety of exploits and a rare attack vector,” adds the company report. It is not known whether this hacking group is sponsored by any nation state, although researchers have not ruled out this possibility.