Connect with us

News

Google Chrome Exploit Results In Attack On Lebanese Journalists

According to antivirus company Avast, there is evidence that an Israeli spyware firm called Candiru used a vulnerability in Google Chrome to spy on journalists in Lebanon.

Published

2 years ago

on

google chrome exploit results in attack on lebanese journalists

In early July 2022, Google patched a previously unknown vulnerability in its Chrome browser, known as CVE-2022-2294. The zero-day Chrome exploit only came to light after it was apparently used to spy on journalists in Lebanon.

Antivirus company, Avast, collated a report, which it delivered to Google detailing the zero-day exploit. In this report, Avast claims that Israeli spyware firm, Candiru, used the exploit to install spyware on the journalist’s computers.

It equally believes that the firm has used similar exploits to target Avast users in Turkey, Lebanon, Palestine and Yemen beginning in March of this year.

A zero-day exploit is, in short, a vulnerability in a piece of software that is unknown to the developers. They are typically discovered in the wild for this reason, and are known as zero-day because the developers have zero days in which to address the issue. This is because the vulnerability has the potential to cause damage from the moment it is discovered.

Avast alleges that Candiru used the above-mentioned exploit to gain access to user’s computers. It is believed to have compromised a website, which it used to redirect users to a server that could collect their data. If the data – collected on 50 data points such as location, language, time zone, etc. – met their requirements, the server would establish an encrypted channel.

Despite not claiming responsibility, Candiru is the prime suspect in the attack because the CVE-2022-2294 exploit was used to install the DevilsTongue spyware. This is a piece of malware previously linked to the group by Microsoft in a separate string of attacks.

devilstongue exploit

In its report, Avast claims that the zero-day exploit was used alongside another vulnerability capable of bypassing the sandbox security function in Chromium. However, Avast has (as yet) been unable to determine the second exploit used by the alleged attackers.

Also Read: DDoS Attacks Are A Growing Threat In Gaming

Luckily, Google released a patch for the exploit on July 4. As such, there is no need for Chrome users to be concerned, providing browsers are kept up to date. Microsoft and Apple have released patches for their Edge and Safari browsers, too, as they also use WebRTC.

Candiru has not yet been officially connected to the incident, so its involvement is currently (albeit well-informed) speculation. However, the tools used and computers targeted matches its previous spyware attempts dating from 2021 and early 2022. As the company has no public online presence, this fact is unlikely to change anytime soon.

Related Topics:
Advertisement

📢 Get Exclusive Monthly Articles, Updates & Tech Tips Right In Your Inbox!

JOIN 17K+ SUBSCRIBERS

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

News

UAE Prepares To Launch Two Satellites: Thuraya-2 And MBZ-SAT

HH Sheikh Hamdan bin Mohammed bin Rashid Al Maktoum chaired the first meeting of the Supreme Space Council yesterday.

Published

5 days ago

on

December 17, 2024

By

uae prepares to launch two satellites thuraya-2 and mbz-sat

HH Sheikh Hamdan bin Mohammed bin Rashid Al Maktoum, Crown Prince of Dubai and Deputy Prime Minister of the UAE, chaired the first meeting of the Supreme Space Council in Dubai on December 16, 2024. The session highlighted the UAE’s ambitious space plans and took stock of the sector’s economic progress.

The council emphasized the growing role of private companies in advancing space technologies, noting that their contributions are now equal to that of the public sector. Members also praised initiatives like the Space Economic Zones Programme, which are designed to fuel innovation and investment in the space industry.

Discussing the UAE’s space journey, HH Sheikh Hamdan bin Mohammed bin Rashid Al Maktoum remarked, “The national space sector continues to grow and advance, and we take immense pride in the remarkable achievements we have accomplished over the years”.

Sheikh Hamdan also received updates on two upcoming satellite projects: Thuraya-2 and MBZ-SAT. Thuraya-2, developed by Space42, is slated for launch this December. Meanwhile, the MBZ-SAT, created by the Mohammed Bin Rashid Space Centre (MBRSC), will soon follow. MBRSC, a major driver of the UAE National Space Programme, continues to lead the nation’s space-related developments.

Space42 took the opportunity to showcase its advancements, including ongoing collaborations between public and private entities. The company also outlined strategies to promote innovation, boost revenue streams, and create new opportunities for growth in the sector.

Also Read: IBM Opens New Doha Office To Support Qatar’s Digital Growth

The UAE’s current projects build on a growing legacy of space exploration. Back in 2020, the nation made headlines with its Mars mission, successfully sending a probe into the planet’s orbit in 2021. This mission, which is now in its second phase as of June 2024, has been collecting critical data to develop a comprehensive diurnal image of Mars.

The UAE also ventured into lunar exploration with an unmanned mission aimed at studying untouched regions of the Moon’s surface. While the probe ultimately crashed during its landing attempt after communication was lost seconds before touchdown, the effort represented a significant step in the country’s exploration ambitions.

Continue Reading

#Trending