The attackers use a combination of Chrome, Windows, and Android vulnerabilities. It consists of zero-day and n-day exploits. Google published a six-part report detailing the futuristic hacking operations the company detected in 2020.
However, it will target both Android and Windows device owners. The attack carries via two exploit servers, which send different exploit chains through the watering hole attack.
Google Disclose Project Zero For Windows & Android hacking operation.
Recently, Project Zero launched and its initiative aimed at researching the latest ways to detect 0-day exploits in the wild. Through a partnership with the Google Threat Analysis Group, one of the first outcomes of this initiative will be discovering a water hole attack in Q1 2020 carried out by a very sophisticated actor.
Google said it found two exploit servers that provided different exploitation chains through the watering hole attack. One server targets Windows users, the other targets Android. As per the android app development agency, both Windows and Android servers use the Chrome exploit. Exploits for Chrome and Windows include 0-day. For Android, the exploit chain uses the publicly known n-day exploit.
What’s The Latest News Included?
Google has released a six-part report, providing details on the complex hacking operation it discovered in 2020. The hacking process targeted all Android and Windows devices. According to Google, it launched the attack via two exploit servers. Each server sends a different exploit chain through the watering hole attack. However, this is done by gathering information about the targeted groups regarding what websites they frequently install malware on these sites to infect the group’s systems. One server targets Windows users, while the other targets Android users. As per the efficient app development company, both of them exploited a vulnerability to get early access to the victim’s device.
The attackers use OS-level exploits to gain more control over the victim’s device once they have successfully created an initial entry point in the victim’s browser. The exploitation chain includes zero-day and n-day vulnerabilities. This server contains four render bugs in Google Chrome, two sandbox bypass exploits that abuse zero-day flaws in Windows OS, and a privilege escalation kit consisting of n-day exploits for older versions of the Android OS. This article continues to discuss findings shared by Google surrounding Futuristic Windows & Android hacking operations.
Overall, Google Says the Exploits Server Consists of:
- Four render bugs in Google Chrome, one of which is still 0 days at the time of its discovery.
- Two sandbox escape exploits that abuse three 0-day vulnerabilities in Windows OS.
- And a privilege escalation kit consisting of publicly known n-day exploits for older Android OS versions.
The Four Day zeros, all of which were patched by Spring 2020, are as follows:
- CVE-2020-6418 – Chrome Vulnerability in TurboFan (Repaired February 2020)
- CVE-2020-0938 – Font Vulnerability in Windows (Repaired April 2020)
- CVE-2020-1020 – Font Vulnerability in Windows (Repaired April 2020)
- CVE-2020-1027 – Windows CSRSS Vulnerability (Repaired April 2020)
Source: https://googleprojectzero.blogspot.com/2021/01/introducing-in-wild-series.html
Google says that while they found no evidence of an Android zero-day exploit being hosted on the exploit’s server. However, its security researchers believe that the threat actor likely also had access to Android zero-days but most likely didn’t host it. On the server when researchers found it.
Summary
Above here, we have discussed Google’s latest update on Project Zero. However, finally, Google reveals futuristic Windows and Android hacking operations. Read the complete article to understand every aspect in depth. At Zazz, we provide you all the required technical or non-technical, latest, and updated information at your fingertips.
Moreover, we are well-known mobile application developers in USA and offer app development services worldwide. Thus, if you think we missed something or want to know more about app development, contact us immediately. Our developers will assist you with the best of their knowledge.