State-backed attackers and commercial surveillance vendors repeatedly use the same exploits
Googles Threat Analysis Group (TAG) uncovered in-the-wild exploit campaigns targeting Mongolian government websites between November 2023 and July 2024. TAG attributes the attack to the Russian government-backed actor APT29 tracked by Microsoft as Midnight Blizzard. The attackers utilized exploits similar to those used by commercial surveillance vendors Intellexa and NSO Group.