Recently, as first reported by Bleeping Computer, Google’s Project Zero identified and disclosed a hacking campaign run by a “highly sophisticated actor” that targeted Windows and Android users with zero-day and n-day exploits. By uncovering two exploit servers used in watering hole attacks, Project Zero researchers were able to recover several of the exploits used by the threat actor, including:
- Renderer exploits for 4 bugs in Chrome, with one bug being a zero-day.
- 2 sandbox escape exploits abusing 3 Windows zero-days.
- A privilege escalation kit used for older versions of Android.
All bugs have since received patches after Project Zero’s discovery.
Analyst Notes
Since zero-days are fairly hard to anticipate, Binary Defense recommends employing a 24/7 SOC monitoring solution (like Binary Defense’s own Security Operations Task Force), as the zero-days may perform file/registry writes that produce alertable events.
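The detection idea in the analyst note, that post-exploitation file and registry writes are observable even when the exploit itself is not, can be demonstrated with a small log-scanning rule. The script below is an added example written for this page; it is not code from Binary Defense, Project Zero or Bleeping Computer, and the events it scans are constructed, simplified Sysmon-style records (FileCreate, event 11; registry value set, event 13), not real telemetry from the campaign. The browser image names, the autostart paths and the Run-key patterns it watches are assumptions about where a benign browser renderer has little reason to write; the page does not say what the actual exploits wrote.

```python
"""Flag file and registry writes that originate from a browser process.

Added example for illustration only. The sample events are constructed
and the watch lists are assumed persistence locations, not indicators
taken from the reported campaign.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample telemetry in a simplified key=value form loosely
# modelled on Sysmon Event ID 11 (FileCreate) and 13 (Registry value set).
SAMPLE_EVENTS = [
    "EventID=11 Image=C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe "
    "TargetFilename=C:\\Users\\alice\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\f_000123",
    "EventID=11 Image=C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe "
    "TargetFilename=C:\\Users\\alice\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\upd.exe",
    "EventID=13 Image=C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe "
    "TargetObject=HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\upd",
    "EventID=13 Image=C:\\Windows\\explorer.exe "
    "TargetObject=HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\OneDrive",
    "EventID=11 Image=C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe "
    "TargetFilename=C:\\Users\\alice\\AppData\\Local\\Temp\\stage.dll",
]

# Assumed process names whose writes we treat as "browser" writes.
BROWSER_IMAGES = ("chrome.exe", "msedge.exe", "firefox.exe")

# Assumed watch lists (lower-case substrings): autostart locations and
# Run keys a browser should not normally touch, plus executable extensions.
SUSPICIOUS_FILE_DIRS = ("\\start menu\\programs\\startup\\", "\\windows\\system32\\")
SUSPICIOUS_REG_KEYS = (
    "\\software\\microsoft\\windows\\currentversion\\run\\",
    "\\software\\microsoft\\windows\\currentversion\\runonce\\",
)
EXECUTABLE_EXT = (".exe", ".dll", ".scr", ".ps1", ".bat")

# Image paths contain spaces, so a regex with a non-greedy image group is
# used instead of splitting the line on whitespace.
EVENT_RE = re.compile(r"^EventID=(\d+) Image=(.+?) (TargetFilename|TargetObject)=(.+)$")


@dataclass
class Alert:
    rule: str
    image: str
    target: str


def parse_event(line: str) -> Optional[dict]:
    """Return the event fields, or None for a line that does not match the format."""
    m = EVENT_RE.match(line)
    if not m:
        return None
    return {"event_id": int(m.group(1)), "image": m.group(2),
            "field": m.group(3), "target": m.group(4)}


def is_browser(image: str) -> bool:
    """True when the process image's file name is one of the assumed browsers."""
    return image.lower().rsplit("\\", 1)[-1] in BROWSER_IMAGES


def evaluate(event: dict) -> Optional[Alert]:
    """Apply the three rules to one parsed event; return an Alert or None."""
    if not is_browser(event["image"]):
        return None
    target_l = event["target"].lower()
    if event["event_id"] == 11:
        if any(d in target_l for d in SUSPICIOUS_FILE_DIRS):
            return Alert("browser_write_to_autostart_dir", event["image"], event["target"])
        if target_l.endswith(EXECUTABLE_EXT) and "\\temp\\" in target_l:
            return Alert("browser_drops_executable_in_temp", event["image"], event["target"])
    elif event["event_id"] == 13:
        if any(k in target_l for k in SUSPICIOUS_REG_KEYS):
            return Alert("browser_sets_run_key", event["image"], event["target"])
    return None


def scan(lines) -> list:
    """Parse each line and collect the alerts the rules produce."""
    alerts = []
    for line in lines:
        event = parse_event(line)
        if event is None:
            continue
        alert = evaluate(event)
        if alert is not None:
            alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(f"{alert.rule}: {alert.image} -> {alert.target}")
```

Of the five constructed events, the ordinary cache write and explorer.exe's Run-key write pass silently, while the browser's write into the Startup folder, its Run-key write and the DLL dropped in Temp each raise an alert. In a real SOC these rules would run against the endpoint's actual Sysmon or EDR feed, with the watch lists tuned to the organisation's baseline to keep false positives down.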
https://www.bleepingcomputer.com/news/security/google-discloses-hacking-campaign-targeting-windows-android-users/