Google’s Project Zero security researchers have published a six-part detailed analysis of a set of vulnerabilities found on two exploit servers early last year that were to be used in so-called watering hole attacks with compromised web servers used to hack targets.
The report details the work of what Project Zero says is the work of “a highly sophisticated actor” who operates a complex targeting infrastructure.
Project Zero did not indicate who the actor might be, but said the exploit chains found are designed for efficiency and flexibility through their modularity.
“They are well-engineered, complex code with a variety of novel exploitation methods, mature logging, sophisticated and calculated post-exploitation techniques, and high volumes of anti-analysis and targeting checks,” the Project Zero researchers said.
“We believe that teams of experts have designed and developed these exploit chains.”
The researchers found exploits for four bugs in the Google Chrome web browser, one