Google’s Digital Threat Analysis Group (TAG) this week unveiled a spy campaign focused on users of Apple devices. The attacks hit both iPhones and Macs and were most severe on Apple’s desktop operating system, where they took advantage of a zero-day flaw to assume advanced privileges and execute malicious code, in attacks aimed at prominent individuals.
Exploitation against iOS is a little simpler, with accessing malicious or defaced websites through the Safari browser can lead to malware execution. In the case of macOS, we are talking about an opening that could lead to the installation of a backdoor that, afterward, would work hidden on the computer, not being detected even by security solutions while communicating with a control server to register images of the screen and what is typed, as well as biometric information, microphone audio, and files available in memory.
The report published by Google indicates that this is a politically motivated spying campaign, focused on Hong Kong users and possibly financed by a rival nation. The sophistication of the attacks is indicative of this, as well as the quality of the malicious code, suggesting the existence of an advanced group of exploit developers focused precisely on operations of this category, without financial or mass-spreading purposes.
At the center of criminals’ attention was CVE-2021-30869, a vulnerability that was fixed in September by Apple, in the macOS Catalina update, after about a month of being exploited by criminals. The security team did not go into details, but it did mention that the victims included a media company and two political parties; the scope of the commitments was also not disclosed.
Even though this is a specific and targeted attack, the recommendation to all macOS users is to update operating systems to the latest version. This ensures mitigation not only of this but other blows whose entry doors may have already been closed. Google has also published technical details of the exploit and indicators of compromise that can be analyzed by potential victims.
Source: Google TAG