Serviceteam IT Security News

Chinese Uighurs were the target of an iOS malware attack lasting more than two years that was revealed last week, according to multiple reports.

Android and Windows devices were also targeted in the campaign, which took the form of “watering hole attacks”: taking over commonly visited websites or redirecting their visitors to clones in order to indiscriminately attack each member of a community.

Zack Whittaker of TechCrunch, who first reported the focus of the attack on the Uighur Muslim community in Xinjiang province, said “the websites were part of a state-backed attack – likely [by] China – designed to target the Uighur community”.

The attack is thought to be the first large-scale exploitation of iOS vulnerabilities in the history of the iPhone. Using a large number of previously undiscovered weaknesses in the operating system, the malicious websites were able to gain near-total control of visiting devices without the users becoming aware, or having to do anything other than open the website in their browser.

The campaign was discovered by researchers at Google and shut down by Apple after the company was notified.

Even before the Chinese link was reported, many researchers assumed the attack was a state-backed campaign, since the value on the open market of one “no-click jailbreak” – a vulnerability that can take control of a phone without user interaction – is more than $1m (£830,000).

While the iOS attacks were the most noteworthy, the campaign also targeted more widely used devices, according to Thomas Brewster of Forbes.

“That Android and Windows were targeted is a sign that the hacks were part of a broad, two-year effort that went beyond Apple phones and infected many more than first suspected,” Brewster wrote.

“One source suggested that the attacks were updated over time for different operating systems as the tech usage of the Uighur community changed.”

Source: The Guardian

With over 20 years of experience, Serviceteam IT design and deliver sophisticated connectivity, communication, continuity, and cloud services, for organisations that need to stay connected 24/7. We take the time to fully understand your current challenges, and provide a solution that gives you a clear understanding of what you are purchasing and the benefits it will bring you.

To find out how we can help you, call us on 0121 468 0101, use the Contact Us form, or why not drop in and visit us at 49 Frederick Road, Edgbaston, Birmingham, B15 1HN.

We’d love to hear from you!