In late August, sophisticated hackers used flaws in macOS and iOS to install malware on Apple devices that visited Hong Kong media and pro-democracy websites. The so-called watering hole attack cast a wide net, indiscriminately placing a backdoor on any iPhone or Mac that had the misfortune to visit one of the affected pages.
Apple has since patched the vulnerabilities that made the campaign possible. But a report published Thursday by Google's Threat Analysis Group (TAG) showed the attackers' aggressiveness and the scope of their reach. This is another case of attackers exploiting previously undisclosed vulnerabilities, or zero-days, in the wild. But rather than conducting targeted attacks on high-value targets such as journalists and dissidents, this group, which is suspected of being state-backed, pursued scale.
According to the TAG report, the recent attack specifically compromised Hong Kong websites "for a media organization and a well-known democratic labor and political group." It is not clear how the hackers broke into these sites. But once installed on a victim's device, the malware they distributed ran in the background and could download files or steal data, capture the screen, log keystrokes, start audio recordings, and execute other commands. It also generated a "fingerprint" of each victim's device for identification.
The iOS and macOS attacks used different methods, but both chained multiple vulnerabilities together so the attackers could take control of the victim's device and install their malware. TAG was unable to analyze the complete iOS exploit chain, but it identified the key Safari vulnerability the hackers used to initiate the attack. The macOS version involved exploiting a WebKit vulnerability and a kernel bug. All of these were patched by Apple in 2021, and the macOS vulnerabilities used in the attack had previously been presented in April and July conference talks by Pangu Lab.
The researchers emphasized that the malware delivered to targets through the watering hole attack was carefully crafted and "seems to be the product of extensive software engineering." It uses a modular design, so different components can be deployed at different times in a multi-stage attack.
Hackers backed by the Chinese government are known to have used large numbers of zero-day vulnerabilities in watering hole attacks, including campaigns against Uyghurs. In 2019, Google's Project Zero notably uncovered one such campaign, which had run for more than two years and was one of the first public examples of iOS zero-days being used against a broad population rather than specific individual targets. The technique has also been used by other actors. Shane Huntley, director of Google TAG, stated that the team did not speculate on attribution, and that there was insufficient technical evidence in this case to attribute the attack to a specific group. He added only that "the activities and goals are consistent with government-backed actors."
"I do think it is worth noting that we are still seeing these attacks, and the number of zero-days found in the wild is increasing," Huntley said. "Increased detection of zero-day exploits is a good thing: it allows us to fix these vulnerabilities and protect users, and it gives us a fuller picture of the actual exploits so that we can make more informed decisions about how to prevent them and fight back."
For a long time, Apple devices were known for their strong security and relatively few malware problems, but as attackers discover and exploit more and more zero-day vulnerabilities in iPhones and Macs, that perception has changed. As widespread watering hole attacks have now shown many times, attackers are not only going after specific, high-value targets; they are prepared to go after the masses, no matter what devices they use.