Hackers linked to Russian government found using some very familiar malware tools

APT29 is well-known for its links to Russia’s Foreign Intelligence Service and notable attacks on high-ranking western targets, such as US and German Government officials, as well as SolarWinds and Microsoft.

All patched up

The exploit code used in the attacks targeting iPhones shared the “exact same trigger as the exploit used by Intellexa,”, whilst the Android version used a “very similar trigger” to a code developed by NSO Group, TAG said. A patch was available for the exploits, but the attack was still effective against unpatched devices.

It’s unclear how the hackers obtained the copy of the exploit, but it could have been bought from the companies directly or stolen. TAG's research does not indicate APT29 recreated the exploits organically, but rather somehow managed to get a hold of the spyware maker’s program.

The US government recently sanctioned the Intellexa consortium for developing and selling spyware Predator, which was used to target US government officials and journalists, and the NSO Group for its development of the Pegasus surveillance tool.

Earlier in 2024, Poland launched an investigation into the use of the Israeli-developed Pegasus spyware against opposition political figures by the previous administration.

Google recommends users and organizations apply patches quickly and keep software fully up-to-date to protect against this type of attack. We’ve listed the best malware removal tools to help you stay protected.

More from TechRadar Pro

• Check out our pick of the best endpoint protection software around
• Notorious Russian hackers target government officials
• Take a look at our pick of the best firewall software