Google Unearths Government-Backed Hack Campaign Targeting Macs in Hong Kong

BY Chandraveer Mathur

Published 12 Nov 2021

hackers MacBook

Researchers at Google’s Threat Analysis Group (TAG) caught hackers targeting Mac users in Hong Kong by exploiting zero-day system vulnerabilities. The researchers claim the attacks have the telltale signs of government-backed hackers.

In a report published on Thursday, TAG revealed that it discovered the campaign late in August this year. The hackers created a watering hole attack. The malware was hidden within legitimate websites of “a media outlet and a prominent pro-democracy labor and political group” in Hong Kong. When unwary users visited the website, their Macs were compromised by the zero-day exploit paired with another exploit. The latter used previously-patched vulnerabilities in macOS so hackers could install a backdoor on the victim’s computers.

The security researchers were able to trigger the exploits and study them by visiting the compromised websites. The sites could reportedly exploit both iOS and macOS, but the researchers could only retrieve the exploit chain for the latter. The head of TAG, Shane Huntley, told Motherboard that the zero-day exploit used by this campaign resembles an exploit discovered by cybersecurity research group Pangu Lab.

This vulnerability was presented at a security conference in China in April, a few months before the hackers used it to target Mac users in Hong Kong. The exploit still worked because it was presented as one that targeted Big Sur, but Google researchers discovered that it also worked on macOS Catalina. Because the vulnerability remained unpatched on Catalina, Google classified it as a zero-day exploit.

Addressing the question of the hackers’ identity, Huntley said, “We do not have enough technical evidence to provide attribution, and we do not speculate about attribution. However, the nature of the activity and targeting is consistent with a government-backed actor.”

Apple has since patched the macOS zero-day vulnerability in an update released on September 23 (Security Update 2021-006 for macOS Catalina). Pangu Lab and Apple did not respond to Motherboard’s request for comment.

[Via Google]

Related Articles

iOS 16.1

iOS 16.1, iPadOS 16.1, and macOS Ventura Release Time on October 24

Sriansh
iPad Pro Unsplash

Rumor: Apple Testing Touch-Optimized macOS Version for M2 iPad Pro

Sriansh
Fix iOS 15 WiFi issues on iPHone

iOS 15.6 and macOS 12.5 Fix Major Security Vulnerabilities

Sriansh

All New macOS Ventura Features

Parth Shah
must-have-ipad-pro-pencil-apps-featured

IPAD PRO 2

Oct 30, 2016

11 Must Have Apps for Apple Pencil and iPad Pro Users

Khamosh Pathak

iPad Pro is a beast of a machine. Yes, it runs iOS but don’t let that fool you. iOS has many ways to be productive and for doing creative work. Granted, it’s different

Read More

MACOS

Jun 13, 2016

‘Apple File System’ Is the Company’s New File System for watchOS, iOS, tvOS, and macOS

Rajesh Pandey

It has long been rumored that Apple is working on a new file system to replace the archaic HFS+ file system that macOS currently uses. The company was expected to announce a new file system

Read More
Apple volunteer

APPLE NEWS

Mar 16, 2015

‘Apple Global Volunteer Program’ will let employees sign up to help local communities

Evan Selleck

Apple is no stranger to donating large sums of money to a cause, or to even help diversification within the tech industry. But now it's aiming to donate some individual human hours as well,

Read More

Want to know more about apple Products

We launch new articles subscribe and get updated. MAX 1 email a week. No spam, ever.

Cancel