Security News > 2020 > April > Chinese Hackers Using New iPhone Hack to Spy On Uyghur Muslims

A Chinese hacking group has been found leveraging a new exploit chain in iOS devices to install a spyware implant targeting the Uyghur Muslim minority in China's autonomous region of Xinjiang.
Watering Hole Attacks Targeting Uyghur Websites

The malware campaign previously exploited as many as 14 vulnerabilities spanning from iOS 10 all the way through iOS 12 over a period of at least two years via a small collection of malicious websites that were used as a watering hole to hack into the devices.
According to Volexity, Insomnia was loaded on users' iOS devices using the same tactic, granting the attackers root access, thereby allowing them to steal contact and location information, and target various instant messaging and email clients, including Signal, WeChat and ProtonMail.
The new watering hole attacks compromised six different websites, which, when visited, loaded the Insomnia implant on the device.
"These more recent findings confirm the suspicion that the attackers were indeed likely the same. It can now be confirmed that in the past six months, Uyghur sites have led to malware for all major platforms, representing a considerable development and upkeep effort by the attackers to spy on the Uyghur population."
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/BslYHgvaExo/iphone-zero-day-exploit.html