SolarWinds hackers used an iOS 0-day to steal Google and Microsoft credentials

The Russian state hackers who orchestrated the SolarWinds supply chain attack last year exploited an iOS zero-day as part of a separate malicious email campaign aimed at stealing Web authentication credentials from Western European governments, according to Google and Microsoft.

In a post Google published on Wednesday, researchers Maddie Stone and Clement Lecigne said a “likely Russian government-backed actor” exploited the then-unknown vulnerability by sending messages to government officials over LinkedIn.

Moscow, Western Europe, and USAID

Attacks targeting CVE-2021-1879, as the zero-day is tracked, redirected users to domains that installed malicious payloads on fully updated iPhones. The attacks coincided with a campaign by the same hackers who delivered malware to Windows users, the researchers said.

Author: Dan Goodin

Source: Dan Goodin. “SolarWinds hackers used an iOS 0-day to steal Google and Microsoft credentials”. Retrieved from https://arstechnica.com/?p=1780318

All Rights Of This Article Reserved To Ars Technica
