Complex hacking campaign targets Windows, Android users with zero days

Google’s Project Zero research team has detailed a sophisticated hacking operation it discovered last year which was aimed at owners of Windows and Android devices. The watering hole operation exploited vulnerabilities in Windows and Chrome in order to install malware on devices.


The researchers said they discovered two exploit servers delivering different exploit chains via watering hole attacks. One server targeted Windows users, the other targeted Android. Both the Windows and the Android servers used Chrome exploits for the initial remote code execution, including zero day flaws. For Android, the exploit chains used publicly known n-day exploits, Google said.


Based on the campaign’s sophistication, the team believes the threat actor behind it likely also had access to Android zero days; however, they did not find any such exploits during their investigation.


The researchers were able to extract contents of the servers, including:

  • Renderer exploits for four bugs in Chrome, one of which was still a 0-day at the time of the discovery.
  • Two sandbox escape exploits abusing three 0-day vulnerabilities in Windows.
  • A “privilege escalation kit” composed of publicly known n-day exploits for older versions of Android.

As for the Chrome zero days, they were as follows:

  • CVE-2020-6418 - Chrome Vulnerability in TurboFan (fixed February 2020)
  • CVE-2020-0938 - Font Vulnerability on Windows (fixed April 2020)
  • CVE-2020-1020 - Font Vulnerability on Windows (fixed April 2020)
  • ..