Sophisticated attacks abused chain of flaws in Q1 2020

Google’s Project Zero reported on a chain of vulnerabilities used in Q1 2020 by what is believed to be a sophisticated threat actor.

Details

• Targeting Windows and Android users, the threat actor chained together multiple flaws and delivered them from two separate servers using a watering-hole method.
• The exploit chain consisted of multiple previously-unknown vulnerabilities (0-days): four in Chrome and two in Windows. Patches for all of these vulnerabilities were available at the time of the reporting.
• The methods used in the campaign show a "well-resourced actor" with expert knowledge of engineering, coding, logging, post-exploitation techniques, and anti-analysis methods.

Why it's important

• Some of the vulnerabilities mentioned in the report do not appear dangerous on their own and are more likely to fly under the radar of security professionals.
• When vulnerabilities are chained together they can present a high threat.
• Systems that don't have auto-updates enabled may be vulnerable to the Chrome or Windows vulnerabilities mentioned in the report.
• We recommend patching as soon as possible using guidance in the References section below.

Covalence monitoring would have alerted clients if their systems were out of date, reducing the risk to these types of campaigns.

References

• Google Project Zero
• ThreatPost