Russia’s APT29 using spyware exploits in new campaigns

Google’s Threat Analysis Group suggests Russia’s APT29 targeted unpatched Apple and Google devices via spyware-like attacks from November 2023 to July 2024. The group, also known as Cozy Bear and Nobelium, is suspected to have exploited iOS WebKit and Android Chrome defects through so-called ‘watering hole’ attacks on Mongolian government websites. Google said the exploits resembled techniques used by spyware firms Intellexa and NSO Group. Both Apple and Google were alerted to the attacks.