Hackers and Macs of a large number of people are being targeted by hackers in relation to Hong Kong's democratization movement

A demonstration of the Hong Kong democratization movement held in London in July this year.Activities are still being developed around the world.

A clever hacker used a defect between MacOS and iOS, which revealed that malware was installed on Apple terminals accessed Hong Kong -based media and democratic promotional websites. Hong Kong's response to the National Safety Maintenance Law is a "striking road" for a tech company, which is called a "drinking place attack -type attack", and was implemented at the latest after late August. Unfortunately, the backdoor is set up separately on the iPhone or Mac that has been affected by the damage, and its attack target is extensive. Apple has already revised various bugs that allowed this attack. However, a report on Google's Threat Analysis Group (TAG) on November 11 (US time) reveals how aggressive the hackers were and the subjects were extensive.

Chain of multiple vulnerabilities

This attack is one of the cases in which the attacker abused a system vulnerability (zero -day vulnerability) that had not been released. However, the attacker group, where the shadow of the nation is visible and hides behind, emphasizes the scale of the attack, rather than a targeted attack that aims for highly valuable people like journalists and opposition. According to Google's TAG report, the attack focuses on the infringement of the Hong Kong website of the "Labor and Political Organizations of Media and famous democratic promotion groups." It is unknown how hackers have violated these sites. However, the malware distributed via the website operates on the background once installed on the victim's terminal, such as downloading files, leaks data, recording of screen capture, key input history, and sound recording. I was able to execute the operation. In addition, it generates data that is a "fingerprint" to identify the victim's terminal. Attacks on iOS and MacOS have different approaches, but all of them can chain multiple vulnerabilities so that attackers can control the victim's terminal so that they can install malware. TAG could not completely analyze the chain of iOS vulnerabilities, but has identified the major vulnerability of "Safari" used to execute the attack. For example, in MacOS, webkit vulnerabilities and kernel bugs were abused. All of these have finished the correction this year. The vulnerability of MacOS used for the attack was announced by Pangu Lab at a conference in April and July. Pangu Lab researchers emphasized the "large -scale software engineering results" that the malware sent to the target in the drinking ritual attack was "a result of large software engineering." This malware is designed to be modularized, which is likely to be able to develop different components at different timings when performing multiple attacks.