
Hackers targeted Apple devices in Hong Kong in a widespread attack


Since at least late August, sophisticated hackers used flaws in macOS and iOS to install malware on Apple devices that visited Hong Kong-based media and pro-democracy websites. The so-called watering hole attacks cast a wide net, putting a backdoor on any iPhone or Mac unfortunate enough to visit one of the affected pages.

Apple has patched the various flaws that allowed the campaign to unfold. But a report on Thursday from Google’s Threat Analysis Group shows how far the hackers went and how far their reach extended. This is another case of previously unseen vulnerabilities, or zero days, being exploited in the wild by attackers. Rather than a targeted attack focused on high-value targets like journalists and dissidents, however, the suspected state-backed group went for scale.

The latest attacks were specifically aimed at compromising Hong Kong websites “for a media outlet and for a major pro-democracy labor and political group,” according to the TAG report. It is unclear how the hackers compromised these sites to begin with. But once installed on victims’ devices, the malware they distributed could run in the background and download files or exfiltrate data, perform screen capture and keylogging, start audio recording, and run other commands. It also made a “fingerprint” of each victim’s device to identify it.

The iOS and macOS attacks took different approaches, but both chained multiple vulnerabilities together so that attackers could take control of victims’ devices and install their malware. TAG was unable to analyze the entire iOS exploit chain, but identified the main vulnerability in Safari that the hackers used to launch the attack. The macOS version exploited a WebKit vulnerability and a kernel bug. Apple patched them all in 2021, and the macOS exploit used in the attack was presented at talks in April and July by Pangu Lab.

The researchers point out that the malware delivered to targets through the watering hole attack was carefully crafted and “appears to be a product of extensive software engineering.” It had a modular design, perhaps so that different components could be deployed at different times in a multi-stage attack.

Chinese state-backed hackers have reportedly used an unusual number of zero-day vulnerabilities in watering hole attacks, including campaigns targeting Uighurs. In 2019, Google’s Project Zero memorably reported on one such campaign that lasted more than two years, and it was one of the first public examples of iOS zero days being used in attacks on a wide population, rather than against specific, individual targets. The technique has also been used by other actors. Shane Huntley, director of Google TAG, says the team does not speculate about attribution and in this case does not have enough technical evidence to accurately attribute the attacks. “The activity and purpose are in line with a government-sponsored agent,” he added.

“I think it’s remarkable that we’re still seeing these attacks and that the number of zero-days found in the wild is increasing,” says Huntley. “Increasing the detection of zero-day farms is a good thing: it allows us to fix these vulnerabilities and protect users, and gives us a complete picture of what is really happening, how to prevent further decisions, and fight.”

Apple devices have long had a reputation for strong security and fewer malware issues, but this perception has evolved as attackers have found and exploited more and more zero-day vulnerabilities in iPhones and Macs. Broad attacks have now repeatedly shown that attackers are not only pursuing specific, high-value targets; they are ready to take on the masses, whatever their devices.

