Chinese Threat Actor Targets Uyghurs With New iOS Exploit (Security News, April 2020)
A Chinese threat actor tracked as Evil Eye has updated the tools it uses to target Uyghurs, a minority Turkic ethnic group in the Xinjiang Uyghur Autonomous Region in Northwest China, incident response and threat intelligence firm Volexity reports.
Starting in January 2020, the threat actor resumed operations, with signs of activity identified "across multiple previously compromised Uyghur websites."
As part of the new attacks, Evil Eye launched an exploit chain using the open-source framework IRONSQUIRREL, targeting iOS devices to abuse a WebKit vulnerability that was patched in the summer of 2019.
Successful exploitation of vulnerable systems results in a new version of the threat actor's implant being delivered, which Volexity refers to as INSOMNIA. The security firm says it observed multiple different attacks installing the implant on iOS devices.
The researchers also suggest the threat actor might have a method for manually gaining persistence on verified targets.