The Russian state-sponsored hacking group APT29 (Cozy Bear, Midnight Blizzard) has been observed reusing exploits originally deployed by commercial spyware vendors Intellexa and NSO Group to conduct watering hole attacks targeting Mongolian government websites. These campaigns, spanning from November 2023 to July 2024, involved sophisticated techniques designed to deliver malicious payloads to unsuspecting visitors. The reused exploits, which were initially intended for surveillance and espionage, highlight the growing concern of threat actors leveraging commercially available tools for their own malicious purposes.