Hackers Target Apple Devices in Hong Kong for Widespread Attack
Since at least late August, sophisticated hackers have exploited flaws in macOS and iOS to install malware on Apple devices that visited Hong Kong-based media and pro-democracy websites. The so-called watering hole attack cast a wide net, indiscriminately planting a backdoor on any iPhone or Mac that happened to visit one of the affected pages.
Apple has patched the bugs that enabled the campaign. But a report on Thursday from Google’s Threat Analysis Group shows how aggressive the hackers were and how wide their reach was. This is yet another case of previously undisclosed vulnerabilities, or zero-days, being exploited in the wild by attackers. Rather than a targeted attack against high-value targets such as journalists and dissidents, however, the suspected state-backed group cast a wide net.
The recent attacks specifically focused on compromising Hong Kong websites “for a media outlet and a prominent pro-democracy labor and political group,” according to the TAG report. It’s unclear how the hackers initially compromised the sites. But once installed on a victim’s device, the malware they distributed runs in the background and can download files or exfiltrate data, perform screen capturing and keylogging, start audio recording, and execute other commands. It also creates a “fingerprint” of each victim’s device for identification.
The iOS and macOS attacks use different methods, but both chain multiple vulnerabilities to let the attackers take control of a victim’s device and install their malware. TAG was unable to analyze the entire iOS exploit chain, but it identified the underlying Safari vulnerability that the hackers used to launch the attack. The macOS version involves exploiting a WebKit vulnerability and a kernel bug. All of them were patched by Apple over the course of 2021, and the macOS exploit used in the attack had previously been presented in conference talks by Pangu Lab in April and July.
The researchers stressed that the malware delivered to targets via the watering hole attack was carefully crafted and “seems to be a product of a lot of software engineering.” It has a modular design, so that different components can be used at different stages of a multistage attack.
Chinese state-backed hackers are known to use a large number of zero-day vulnerabilities in watering hole attacks, including campaigns targeting Uighurs. In 2019, Google’s Project Zero memorably exposed one such campaign that had been going on for more than two years, one of the first public examples of iOS zero-days being used in attacks on a broad population rather than on specific, individual targets. The technique is also used by other actors. Shane Huntley, director of Google TAG, says the team did not attribute the attacks and did not have enough technical evidence in this case to identify who was behind them. He added only that “the activity and targeting is in line with a government-backed actor.”
“I think it’s amazing that we’re still seeing these attacks and the number of zero-days seen in the wild is increasing,” Huntley said. “Increasing our recognition of zero-day exploits is a good thing — it allows us to fix vulnerabilities and protect users, and gives us a more complete picture of the exploitation that actually happened, so we can make more informed decisions on how to prevent and fight it.”
Apple devices have long had a reputation for stronger security and fewer malware problems, but this perception has shifted as attackers have discovered and taken advantage of more and more zero-day security vulnerabilities in iPhones and Macs. As broad watering hole attacks have shown repeatedly in recent years, attackers are not only looking for specific, high-value targets; they are willing to go after the masses, no matter what device they own.