A recently exposed malware campaign that used watering-hole attacks to target iPhone users for more than two years was reportedly part of an effort to track Uyghur Muslims based in China’s Xinjiang state.
The campaign was actually broader than originally thought, and attempted to infect Android and Microsoft Windows devices as well, reports are also stating.
Citing sources with knowledge of the matter, TechCrunch this past weekend reported the campaign is the work of a state actor — most likely the Chinese government, which for years has sought to keep close tabs on its Uyghur minority group.
Forbes would then later confirm TechCrunch’s findings, while also reporting that the campaign was also designed to infect Android devices and Windows PCs. A Microsoft spokesperson reportedly told Forbes that the research team that discovered and publicized the malware operation “was very specific in its blog post that the recently publicized attacks used unique iPhone exploits and they have not disclosed similar information to us.” Google, meanwhile, did not provide any comment regarding its Android OS.
It was researchers at Google’s Project Zero who last week revealed the iPhone portion of the malware operation, which attempted to infect device users with a malware implant, using exploits delivered via a small number of compromised websites. Altogether, Google’s Threat Analysis Group (TAG) found five distinct iPhone exploit chains covering versions iOS 10 through the latest version of iOS 12.
Gloss