Alleged Government Hackers Exploit Mac Users Who Visited HK Pro-Democracy Sites

Alleged government-sponsored hackers have reportedly used flaws in macOS and iOS to install malware on Apple devices that visited Hong Kong-based media and pro-democracy websites.

According to Google’s Threat Analysis Group (TAG), the attackers used watering hole attacks against visitors to the websites of a Hong Kong media outlet and a pro-democracy group. The exploit chain included an XNU privilege escalation vulnerability (CVE-2021-30869) that was still unpatched in macOS Catalina at the time of the attacks, and used it to install a backdoor. A kernel privilege escalation on its own cannot be triggered by merely visiting a website; TAG reported that it was chained with a remote code execution bug in WebKit (the Safari rendering engine) that gave the attackers their initial foothold in the browser. Apple released the Catalina fix for CVE-2021-30869 on 23 September 2021, so Catalina hosts that have not installed that security update remain exposed to this chain.

Once a device was compromised, a backdoor was installed in the background that could download and upload files, exfiltrate data, capture the screen, log keystrokes, record audio, and execute commands on the device.

The malware also collected a “fingerprint” of each victim’s device for identification, although the report did not explain what the fingerprint was used for. In watering hole attacks generally, fingerprinting the visitor’s hardware, OS version and browser lets the attackers serve an exploit only to configurations it is known to work on, and withhold it from researchers and unsupported targets.

It is not yet known how the attackers compromised the websites to serve the exploit, and there are no reports yet on who fell victim to the attack.

“Based on our findings, we believe this threat actor to be a well-resourced group, likely state-backed, with access to their own software engineering team based on the quality of the payload code,” said TAG.

