🚀 go-pugleaf

A few days ago, Google Project Zero security researchers
detailed a chain of malicious website exploits targeting iPhone
users. Now, TechCrunch reports that the Chinese government used
these attacks to target Uyghur Muslims.

Citing sources familiar with the matter, TechCrunch says that
the malicious websites used to hack into iPhones, first detailed
by Google, were part of a “state-backed attack,” likely from
China, designed to “target the Uyghur community in the country’s
Xinjiang state.”

The report goes on to detail that according to United Nations
data, Beijing has detained “more than 1 million Uyghurs in
internment camps” over the last year.

Google researchers first explained that the victims were tricked
into opening a link which would direct them to an infected
webpage. On that webpage, the malware was deployed. The implant
“primarily focused on stealing files and uploading live location
data,” as often as every 60 seconds. Because the end device
itself had been compromised, services like iMessage were also
affected, researchers said.

When Google security researchers first detailed this attack, it
was unclear who it was specifically targeting. TechCrunch’s
report now provides more detail on that.

The websites were part of a campaign to target the religious
group by infecting an iPhone with malicious code simply by
visiting a booby-trapped web page. In gaining unfettered access
to the iPhone’s software, an attacker could read a victim’s
messages, passwords, and track their location in near-real time.

The report adds that the websites in question would also infect
non-Uyghurs who happened to visit the infected website. The
domains were indexed in Google search results, which made it
relatively easy for anyone to stumble upon them.

Apple closed the vulnerability taken advantage of here with the
release of iOS 12.1.4 back in February. Apple has not yet
commented on these new reports detailing the scope and target of
the attacks.

https://9to5mac.com/2019/09/01/china-iphone-attack-uyghur-
muslims/