Google's recently disclosed "malware campaign" against iOS, Android and Windows users turned out to be a counter-terrorism operation.
Google conducts some of the most significant cybersecurity operations in the world. For example, its Project Zero team finds dangerous vulnerabilities, and the Threat Analysis Group specializes in protecting against attacks by hackers working for the governments of North Korea, China and Russia. Recently, both divisions caught a "big fish": they identified a group of highly skilled hackers exploiting 11 vulnerabilities in iOS, Android and Windows. However, as MIT Technology Review has learned, the "malicious campaign" discovered by Google turned out to be a joint counter-terrorism operation carried out by the special services of Western countries. The company's unilateral decision to halt and publicize the operation sparked internal divisions at Google and raised questions among the US intelligence community and its allies.
As a reminder, in a series of publications, Google talked about a large-scale malicious campaign that took place from February to October 2020. Along with known vulnerabilities in iOS, Android and Windows, the attackers also exploited unknown zero-day vulnerabilities. A technique known as a watering hole was used to infect devices with malware. Victims were lured to hacked legitimate resources or fake websites that looked like real ones, from where malware was downloaded to their systems.
In its publications, the company did not disclose who was behind the attacks or who the victims were. Important information about the malware and the domains used in the operation was also withheld, and many information security experts criticized the Google report for this, calling it a "black hole".
Information security companies regularly cover vulnerabilities exploited by the governments of friendly countries, but almost never inform the general public about it. While some Google employees are of the opinion that counterterrorism operations should not be made public, some of their colleagues are convinced that by publicly disclosing the operation, the company acted lawfully and in the interests of users to make the Internet safer for them.
“The goal of Project Zero is to discover and fix zero-day vulnerabilities and publish technical studies so that the research community can better understand new security holes and how to exploit them. We believe that the publication of this study will lead to the development of better protection strategies and increased safety for everyone. As part of the study, we are not trying to find out who is behind the attacks,” the press service of Google said.
Project Zero indeed does not try to determine who is behind the attacks, but the Threat Analysis Group does. While the company's report did omit a lot of details, the company knew perfectly well who was behind the operation and why. Whether Google warned the governments of the countries involved about its intention to publicize their campaign is unknown.