LinkedIn was used as a vector for Russia-based actors to target European government officials as part of a hacking campaign. New research from Google's Threat Analysis Group (TAG) found that the attackers sent messages over the professional social network containing malicious links to users affiliated with European governments. The links were designed to take advantage of a previously unknown exploit in iOS.

The zero-day vulnerability, tracked as CVE-2021-1879, affects WebKit, the engine behind the Safari browser. Safari is the default browser on Apple devices, including iPhones and iPads. Anyone clicking the link from an iOS device would be redirected to an attacker-controlled domain that served the next-stage payloads.

Victims would then have Cobalt Strike, a penetration testing product, downloaded onto their devices. Cobalt Strike is commonly abused to deliver further malware, typically by installing its Beacon component, which lets the attackers log keystrokes, execute commands on the victim's device and transfer files, among other actions. After validating the device, Cobalt Strike would download a final payload designed specifically to take advantage of CVE-2021-1879. "This exploit would turn off Same-Origin-Policy protections in order to collect authentication cookies from several popular websites, including Google, Microsoft, LinkedIn, Facebook and…
LinkedIn Hacking Campaign Illustrates Rise in Zero-Day Exploits
