Google Reveals ‘Watering Hole’ Attack Targeting Apple Device Owners

Google’s Threat Advisory Group (TAG) has revealed that hackers used compromised websites, a variety of vulnerabilities, and sophisticated malware to gain access to iOS and macOS devices in a campaign that appeared to be loosely targeted at citizens of Hong Kong.

TAG says it “discovered watering hole attacks targeting visitors to Hong Kong websites for a media outlet and a prominent pro-democracy labor and political group” in August. This kind of attack doesn’t typically have a specific target, opting instead to focus on a broad demographic, such as Apple device owners who are curious about the political goings-on in Hong Kong.

The campaign reportedly exploited a zero-day vulnerability (CVE-2021-30869) in macOS Catalina that TAG promptly disclosed to Apple, which released a patch on Sept. 23. TAG says the attack exploited several previously known vulnerabilities in the WebKit rendering engine used by Safari on iOS and macOS, too, which means the security flaws weren’t completely novel.

The attackers used this exploit chain to install a backdoor on vulnerable devices that visited the compromised websites. TAG says this backdoor contained modules that could be used to identify compromised devices; record audio, capture the screen, and install a keylogger; download and upload files; and execute terminal commands as the root user.

“Based on our findings,” TAG says, “we believe this threat actor to be a well-resourced group, likely state backed, with access to their own software engineering team based on the quality of the payload code.” (It stops just short of attributing the attack to a particular entity, however.)


TAG’s blog post includes more details about how it analyzed this campaign along with indicators of compromise that can be used to determine if a device was affected by the attack. The group says it plans to share information “surrounding another, unrelated campaign we discovered using two Chrome 0-days (CVE-2021-37973 and CVE-2021-37976)” sometime “soon.”
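As an added illustration of what "indicators of compromise that can be used to determine if a device was affected" means in practice (example code written for this page, not code from the article or from Google TAG): a small host check that walks a directory tree and flags files whose SHA-256 digest or file name appears in an IoC list. Every indicator value below is a constructed placeholder, not one of TAG's real indicators; a defender would paste the published hashes and artefact names into the two dictionaries. The `demo()` function builds its own throwaway sample tree so the script runs offline.

```python
"""Added example (not from the article or from Google TAG): turning a
published IoC list into a file-system check on a host.

The real indicators are in TAG's blog post; every value here is a
constructed placeholder so the script runs offline against a sample
directory it creates itself.
"""
import hashlib
import os
import tempfile
from dataclasses import dataclass

# Constructed stand-in bytes (NOT a real sample) so the hash indicator below
# is reproducible; a real run would use the SHA-256 values TAG published.
CONSTRUCTED_SAMPLE = b"constructed stand-in for a backdoor module, not a real payload"

# Hash-based indicators: sha256 hex digest -> label (constructed placeholder).
IOC_SHA256 = {
    hashlib.sha256(CONSTRUCTED_SAMPLE).hexdigest(): "constructed-module-A",
}

# Name-based indicators (constructed placeholder names), for artefacts a
# campaign might drop under a fixed file name.
IOC_FILENAMES = {
    "com.placeholder.persist.plist": "constructed-launchd-plist",
}


@dataclass(frozen=True)
class Finding:
    path: str
    indicator: str   # label of the IoC that matched
    reason: str      # "sha256" or "filename"


def sha256_of_file(path: str, chunk: int = 1 << 16) -> str:
    """Stream the file so large binaries are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def scan_directory(root: str,
                   ioc_hashes: dict = IOC_SHA256,
                   ioc_names: dict = IOC_FILENAMES) -> list:
    """Walk `root` and report files whose name or SHA-256 is in the IoC sets.

    Name and hash matches are reported separately: a renamed file still hits
    on hash, and a file whose content was changed still hits on name.
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if name in ioc_names:
                findings.append(Finding(full, ioc_names[name], "filename"))
            try:
                digest = sha256_of_file(full)
            except OSError:
                continue  # unreadable file: skip it rather than abort the scan
            if digest in ioc_hashes:
                findings.append(Finding(full, ioc_hashes[digest], "sha256"))
    return findings


def demo() -> list:
    """Build a constructed sample tree (one benign file, one hash hit, one
    filename hit) in a temporary directory and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        agents = os.path.join(tmp, "Library", "LaunchAgents")
        os.makedirs(agents)
        with open(os.path.join(tmp, "notes.txt"), "wb") as fh:
            fh.write(b"benign content")
        with open(os.path.join(tmp, "renamed_binary"), "wb") as fh:
            fh.write(CONSTRUCTED_SAMPLE)          # matches by hash only
        with open(os.path.join(agents, "com.placeholder.persist.plist"), "wb") as fh:
            fh.write(b"<plist/>")                 # matches by name only
        return scan_directory(tmp)


if __name__ == "__main__":
    for f in demo():
        print(f"{f.reason:8} {f.indicator:28} {f.path}")
```

Hash matching is exact, so a recompiled or padded payload evades it; that is why a published IoC set normally pairs hashes with names, paths and network indicators, and why the check above reports the two match kinds separately.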


