Commercial Spyware Vendors Have a Copycat in Top Russian APT

Russian-backed threat actor APT29, or Cozy Bear, was found using mobile exploits that commercial spyware vendors have used previously. These campaigns were delivered via a watering hole attack on Mongolian government websites. Google’s Threat Analysis Group suggests the authors/providers of these exploits could be the same as previous ones used by Intellexa and NSO Group. These revelations highlight how commercial surveillance industry’s exploits can be re-used by threat actors later on.