Variston named again in spying campaign


Google’s Threat Analysis Group has again linked the Spanish company Variston to a digital espionage campaign. In a recently published post, the search giant’s experts detailed the results of their analysis of two separate malicious campaigns targeting the Android and iOS mobile operating systems, as well as the Chrome browser.

While these two operations exploited undisclosed vulnerabilities, they also relied on flaws that were already public, taking advantage of the delay between the publication of a patch and its actual deployment on user devices.

Google, which claims to track more than 30 spyware vendors, had already looked into Variston’s activities last December, in a post detailing a chain of vulnerabilities dubbed “Heliconia.”

Targets in the United Arab Emirates

The latest malicious campaign associated with Variston – observed in December 2022 by Google experts – took advantage of flaws in Samsung’s Chromium-based browser to target users located in the United Arab Emirates.

After the attacker sent an SMS, a chain of exploits for several vulnerabilities, unknown or recently patched, allowed the attacker “to compromise a fully corrected Samsung Android device”, Amnesty International reports in a press release.

The NGO, which did not wish to name the company, notes that this attack has all the characteristics of an “advanced operation developed by a commercial cyber-surveillance company” sold to government services in order to carry out targeted attacks.

Targeted attacks

The other campaign analyzed by Google took place in November 2022: SMS phishing attempts against targets in Italy, Malaysia and Kazakhstan were observed. The attackers, who in this case are not directly associated with Variston by Google experts, notably spoofed the page of an Italian logistics company.

In Europe, the scandal over spying on public figures targeted by NSO Group’s Pegasus spyware led to the launch of a committee of inquiry in the European Parliament. Its work is still in progress.

As Google points out, this controversial industry carries a risk of proliferation of dangerous hacking tools that can be used to target dissidents, journalists and human rights defenders, among others.





