The Russian state hackers who orchestrated the SolarWinds supply chain attack last year exploited an iOS zero-day as part of a separate malicious email campaign aimed at stealing Web authentication credentials from Western European governments, according to Google and Microsoft.
Further Reading
SolarWinds hackers are back with a new mass campaign, Microsoft saysIn a post Google published on Wednesday, researchers Maddie Stone and Clement Lecigne said a “likely Russian government-backed actor” exploited the then-unknown vulnerability by sending messages to government officials over LinkedIn.