There were more zero-days exploited in 2019 than in any of the previous three years, according to telemetry from FireEye Mandiant. The firm said that's likely due to more zero-days coming up for sale by cyber-weapons dealers like NSO Group; a growing commercial market has made such tools much more widely available.

While the identification and exploitation of zero-day vulnerabilities has historically been a calling card for only the most sophisticated cybercriminals, a wider range of threat actors are now gaining access to exploits for undocumented, unpatched bugs simply by buying them – no deep security expertise required.

“A wider range of tracked actors appear to have gained access to these capabilities,” FireEye researchers noted in a blog post published on Monday. “…a significant increase over time in the number of zero-days leveraged by groups suspected to be customers of companies that supply offensive cyber-capabilities.”

One of the zero-day purveyors that may have done a brisk trade in 2019 was the controversial Israeli firm known as NSO Group. The private company has been criticized in the past for selling zero-day exploits to “authorized governments” who may have launched targeted attacks against human rights activists and journalists. That's a charge it denies, arguing that it can be a force for good.

In its analysis, FireEye pointed out that the FruityArmor APT (a.k.a. Stealth Falcon) continued to attack journalists and activists in the Middle East with targeted espionage campaigns over the course of the year, and that from 2016 to 2019 this group used more zero-days than any other, according to FireEye's analysis. The security firm also said that the APT has been known to buy zero-days from NSO Group, including three iOS zero-days in 2016 reported by Lookout.

Also, the SandCat APT, which Kaspersky has said is likely affiliated with Uzbekistan state intelligence, was observed using a Windows kernel zero-day (CVE-2019-0859) that opened the door to full system takeover of victims. “This group may have acquired their zero-days by purchasing malware from private companies such as NSO Group, as the zero-days used in SandCat operations were also used in Stealth Falcon operations, and it is unlikely that these distinct activity sets independently discovered the same…zero-days,” FireEye noted. SandCat and FruityArmor have been seen using the same exploits at other points in 2019 as well.

Aside from involvement with nation-state-backed groups, 2019 also saw a zero-day exploit in WhatsApp (CVE-2019-3568) reportedly used to distribute spyware developed by NSO Group, and an Android zero-day vulnerability (CVE-2019-2215) was also seen by Google researchers being exploited in the wild in October. Project Zero member Maddie Stone wrote in a technical post at the time that there are indicators that the exploit is “allegedly being used or sold by the NSO Group.”

And finally, financially motivated groups have been seen potentially leveraging purchased zero-days in their operations. “In May 2019, we reported that FIN6 used a Windows server 2019 use-after-free zero-day (CVE-2019-0859) in a targeted intrusion in February 2019,” according to the analysis.