Russian hackers exploit vulnerability to invade fully updated iPhones

Last year, a group of Russian intelligence officials executed a successful cyberattack on SolarWinds, a giant information technology firm in the United States. After compromising the company's software, the Russians' attack spread further to SolarWinds customers, spying and wreaking havoc undetected for months before the breach was discovered.

It seems the hackers are now back with a vengeance, Ars Technica reports, this time going after fully updated iPhones, which are widely considered the most secure of mass consumer smartphones.

Many “ultra-secure” iOS 14 Apple devices have been compromised

According to information from both Google and Microsoft, these same culprits managed to get their hands on an iOS 14 zero-day, which they exploited to carry out an e-mail campaign seeking to steal Western European government credentials for web authentication.

A zero-day, spy-movie as it sounds, is simply a software vulnerability that has only just become known, leaving its developer or owner with “zero days” to fix it upon learning of it. A zero-day attack is when a malicious party exploits that vulnerability before the developer has a chance to patch it.

The zero-day vulnerability in this case (tracked as CVE-2021-1879) lay in the WebKit browser engine that is used by Safari along with Mail on iOS and the App Store (among others). What the Russian hacker group, known as Nobelium, did was send LinkedIn messages to US government officials, which contained links that installed malicious payloads on their victims’ devices.

Unfortunately, the vulnerability was present even in fully updated iPhones, resulting in the compromise of many government handsets before its discovery.

Apart from hacking iPhones and SolarWinds last year, Nobelium has also been discovered interfering with the 2020 Presidential Election in the United States, as well as penetrating and launching an attack against USAID (United States Agency for International Development) in recent months.

It was the head of Google’s Threat Analysis Group, Shane Huntley, who first made the connection confirming that the iOS zero-day hackers were the same group involved in the USAID cyberattack. Apple has yet to make any comment on the situation.
