Google reports that 'Russian government hackers were attacking European government officials by exploiting a zero-day vulnerability in iOS.'



Google's Threat Analysis Group has released details on four new zero-day vulnerabilities: two in Chrome, one in Internet Explorer, and one in WebKit (Safari). Of the four, the WebKit vulnerability is said to have been 'used by a hacker who may be backed by the Russian government', and several media outlets have reported on it.

How we protect users from 0-day attacks
https://blog.google/threat-analysis-group/how-we-protect-users-0-day-attacks/

iOS zero-day let SolarWinds hackers compromise fully updated iPhones | Ars Technica
https://arstechnica.com/gadgets/2021/07/solarwinds-hackers-used-an-ios-0-day-to-steal-google-and-microsoft-credentials/

Annoying LinkedIn Networkers Actually Russian Hackers Spreading Zero-Days, Google Says
https://www.vice.com/en/article/5dbk5q/annoying-linkedin-networkers-actually-russian-hackers-spreading-zero-days-google-says

Google: Russian SVR hackers targeted LinkedIn users with Safari zero-day
https://www.bleepingcomputer.com/news/security/google-russian-svr-hackers-targeted-linkedin-users-with-safari-zero-day/

The WebKit vulnerability in question is CVE-2021-1879. A hacker who may be backed by the Russian government sent a link exploiting CVE-2021-1879 to European government officials through the messaging function of the business-oriented social network LinkedIn. When a target opened the link in Safari on an iOS device, it redirected to a domain controlled by the attacker, where the exploit collected authentication cookies for popular websites such as Google, Microsoft, LinkedIn, Facebook and Yahoo and sent them via WebSocket to an attacker-controlled IP address. CVE-2021-1879 was fixed in the iOS 14.4.2 and iPadOS 14.4.2 security updates released on March 26, 2021.

This CVE-2021-1879 campaign is believed to be closely linked to the cyberattacks by Russian government hackers that Microsoft has repeatedly reported. Shane Huntley, director of Google's Threat Analysis Group, commented that he had confirmed a link between the attack on the United States Agency for International Development (USAID) and the campaign exploiting CVE-2021-1879. 'These two are different campaigns, but the attackers behind them seem to be in the same group,' he said.

Microsoft announces another cyberattack from Russian government-backed hacker organization - GIGAZINE



The extent of the damage caused by this CVE-2021-1879 campaign is unknown. However, Director Huntley noted, 'We send more than 4000 warnings to users each month about account intrusions by government-backed hackers and other illegal attackers.'

The other vulnerabilities disclosed alongside CVE-2021-1879 were CVE-2021-21166 and CVE-2021-30551 in Chrome and CVE-2021-33742 in Internet Explorer. The two Chrome vulnerabilities were used in attacks that collected screen resolution, time zone, language, browser plugins, MIME types and similar data when a target opened a link distributed by e-mail, and the Internet Explorer vulnerability was used in an attack that loaded malicious content into the engine when an MHTML-format file was opened. The attack exploiting the Internet Explorer vulnerability is believed to have been carried out by a North Korean attacker.

in Security, Posted by darkhorse_log