State-backed attackers and commercial surveillance vendors repeatedly use the same exploits
ID: 91fbee0b-a500-533f-b093-e0a0d16c1cd6
STIX ID: report--91fbee0b-a500-533f-b093-e0a0d16c1cd6
Feed Name: Google's Threat Analysis Group (TAG)
This report describes a sophisticated targeted watering‑hole campaign (observed July 2024) that delivered exploit chains against iOS and Chrome to bypass platform protections and exfiltrate authentication cookies and device information from high‑value sites (Google, Microsoft, LinkedIn, iCloud, etc.). The iOS payload reuses a cookie‑stealer framework linked to previous government‑backed activity and uses JIT/PAC bypasses, while the Chrome chain includes a sandbox escape and ECDH key exchange for staged payload delivery.
