The “mysterious” hacking group that deployed 11 identified (possibly even more) zero-day exploits in a lengthy (nine months) operation that targeted a variety of OS users in 2020 are now revealed to be “Western Government Operatives.” This is according to MIT Technology Review, which is now reporting that Google’s Project Zero peculiar findings are actually relevant to a counter-terrorist operation launched by intelligence agencies related to the United stated and its allies.
This operation was shut down following the exposure by Google, and according to MIT, the decision to publish it actually caused internal division at the tech giant. So, what the new reports basically tell us is that Google’s Project Zero team knew who the actors were but chose not to disclose it for obvious reasons, even though the report was published with full details. To be more precise, Project Zero doesn’t attribute activities, but Google’s Threat Analysis Group (which was also involved in this) does, and they omitted the crucial details this time.
According to a former official and expert in the field who spoke to MIT on condition of anonymity, western government operatives use code and techniques that are unique to them and not to be found in other entities like Russian, Chinese, or North Korean hacking groups. However, no actual details were given, so we don’t know exactly what these "hallmarks" constitute. Exploiting 11 zero-day flaws across so many different software products and platforms in such a short period of time is certainly impressive. Still, we wouldn’t want to make any assumptions here.
Of course, Google couldn’t ignore the zero-days just because they were used to fight terrorism or whatever, as the existence of flaws can open the door to foreign operatives too. We don’t know if Google notified the agencies involved before the publication or delayed the publication to allow the “friendly” hackers to complete a critical operation phase. Whatever happened, for sure, Google was in a difficult position with this one.
The same former senior US intelligence official said that these groups don’t have the capacity to re-establish their operation as quickly as other players, so the disruption in the counterterrorism mission could have been severe. As the person said, Google’s ability to shut down such an operation is likely to be the source of more conflict between Western governments and the tech firm.