The author of these attacks is not a small player. Thanks to an operational error by the attacker, Google was able to recover from these websites, at the beginning of the year, five different exploit chains covering iOS 10 through iOS 12. They relied on a total of fourteen vulnerabilities, two of which were 0-days at the time of their discovery (CVE-2019-7287, CVE-2019-7286). Given the risk, Google gave Apple a one-week deadline to fix them. The patch in question was released on February 7, 2019, as iOS version 12.1.4.
Theft of sensitive data and geolocation
The existence of such an arsenal, whose value would exceed several million dollars on the cyber-weapons market, shows that this is a group of hackers who made a "sustained" effort to hack iPhone users in "certain communities", says Google. And this is probably only the tip of the iceberg. "There are certainly others (campaigns of this type) that we have not yet detected," explains Ian Beer.
The various exploit chains allowed the attackers to escape the Safari sandbox and execute arbitrary code with root privileges, which ultimately let them run a fairly complete spyware implant in the background. Among other things, it stole the databases of the main messaging apps (WhatsApp, Telegram, iMessage, Hangouts, Gmail) and siphoned off sensitive data such as the address book, photos and keychain credentials. GPS location data was also uploaded every minute while the device was connected to the Internet. The implant was not persistent, however, and disappeared when the device was restarted.
Who is behind this campaign? Hard to say at this point. Google does not provide details on the identity of the hacked websites or on the profile of the victims. In his blog post, Ian Beer alludes to cyber-surveillance of potential dissidents, suggesting that this is an operation by an authoritarian government. For his part, security researcher Lukasz Olejnik is betting that this is a surveillance operation targeting ethnic minorities in China. But it is only a hypothesis.
Breadcrumbs in the story of ethnic minority groups in China. Now let's wonder which of these days? Goal C&C servers not disclosed.
– Lukasz Olejnik (@lukOlejnik) August 30, 2019
Source: Google Project Zero