Google’s Threat Analysis Group (TAG) has uncovered evidence of Russian-backed hackers using commercial spyware tools from NSO Group and Intellexa in cyberattacks. APT29, known for its ties to the Russian government, exploited zero-day vulnerabilities in iOS and Chrome to target Mongolian government websites. The hackers stole cookies and sensitive data from browsers, gaining access to valuable information. These vulnerabilities were originally intended for use by surveillance companies like Intellexa and NSO Group but were exploited by the hackers. The attacks, which occurred between 2023 and 2024, involved “watering hole” techniques, where malicious code is planted on frequently visited websites. Google warns that while commercial spyware companies claim to only sell their tools to legitimate governments, their technology is increasingly falling into the wrong hands, posing a significant risk to global cybersecurity.