Commercial Spyware Vendors Have a Copycat in Top Russian APT
Russia's Midnight Blizzard infected Mongolian government websites to try to compromise the devices of visitors, using watering-hole tactics.
Spyware coverage examines reported incidents, technical analysis, infrastructure, disruption efforts, and defensive guidance on unauthorized monitoring.
Search across headline titles and summaries.
Background for this topic.
Spyware is malicious software that covertly monitors a device or user and sends collected information to an unauthorized party. Depending on its capabilities, it may capture keystrokes, credentials, messages, files, browsing activity, or location data, and may use microphones or cameras when permissions or vulnerabilities allow it. The term covers both broadly distributed malware and more specialized surveillance tools, so reporting should identify a family or tool only when evidence supports it.
Spyware commonly reaches systems through deceptive applications, malicious attachments, bundled software, or exploitation of unpatched software; the relevant exposure depends on the reported case. Security teams should prioritize timely vulnerability and application updates, restrict installation and permissions, and use endpoint or mobile telemetry to detect unusual collection or outbound connections. Suspected infections require isolation and evidence preservation, followed by credential rotation from a trusted device and assessment of what privacy-sensitive data may have been accessed. These findings can also inform legal or regulatory handling where monitoring involved personal or confidential information.
Russia's Midnight Blizzard infected Mongolian government websites to try to compromise the devices of visitors, using watering-hole tactics.
Russia's Midnight Blizzard infected Mongolian government websites to try to compromise the devices of visitors, using watering-hole tactics.
In a campaign targeting Mongolian government websites, Russian-backed APT29 leveraged exploits previously used by spyware vendors NSO Group and Intellexa
Google researchers note the similarities, can't find a link Google's Threat Analysis Group (TAG) has spotted a disturbing similarity in attack tactics used by commercial spyware vendors and Russia-linked attack gangs.…
The Russian state-sponsored APT29 hacking group has been observed using the same iOS and Android exploits created by commercial spyware vendors in a series of cyberattacks between November 2023 and July 2024. [...]