According to Maddie Stone of Google Project Zero, the group behind the attacks is highly skilled, made up of genuine professionals in their field, and has access to vulnerabilities that are not yet publicly known. All of the exploits found target browsers and are delivered through watering hole attacks using compromised websites. The general pattern is as follows: the attackers compromise a site that the device owner visits regularly and embed malicious code in its pages. That code silently redirects the visitor to a sizeable exploit-delivery infrastructure, which serves an exploit matched to the device type and browser version. The result is a Trojan running on the device with elevated privileges.
Evidence of the attackers' skill is that their tooling readily compromises Google Chrome on Windows and can also gain elevated privileges through Safari on iOS 11-13. Against Android 10, the Samsung browser and Google Chrome are used. On Windows the browser is compromised completely in a single step, whereas on the mobile platforms a chain of sequential exploits is needed to bypass the protections of iOS and Android.
In February 2020 the same group allegedly carried out large-scale attacks on Android and Windows users, and a few months later similar attacks were recorded against iOS devices. According to Google Project Zero, the vulnerabilities are still being exploited at the time of writing, but no successful attacks have been observed against devices running iOS 14 or Android 11.