
MacOS Zero-Day Used against Hong Kong Activists

source link: https://www.schneier.com/blog/archives/2021/11/macos-zero-day-used-against-hong-kong-activists.html


Google researchers discovered a MacOS zero-day exploit being used against Hong Kong activists. It was a “watering hole” attack, which means the malware was hidden in a legitimate website. Users visiting that website would get infected.

From an article:

Google’s researchers were able to trigger the exploits and study them by visiting the websites compromised by the hackers. The sites served both iOS and MacOS exploit chains, but the researchers were only able to retrieve the MacOS one. The zero-day exploit was similar to another in-the-wild vulnerability analyzed by another Google researcher in the past, according to the report.

In addition, the zero-day exploit used in this hacking campaign is “identical” to an exploit previously found by cybersecurity research group Pangu Lab, Huntley said. Pangu Lab’s researchers presented the exploit at a security conference in China in April of this year, a few months before hackers used it against Hong Kong users.

The exploit was discovered in August. Apple patched the vulnerability in September. China is, of course, the obvious suspect, given the victims.

Tags: activism, Apple, China, cybersecurity, exploits, Google, hacking, zero-day

Posted on November 12, 2021 at 9:07 AM • 7 Comments

Comments

Clive Robinson •

November 12, 2021 11:45 AM

@ Bruce,

China is, of course, the obvious suspect, given the victims.

Yes but one oddity,

“… “identical” to an exploit previously found by cybersecurity research group Pangu Lab, Huntley said. Pangu Lab’s researchers presented the exploit at a security conference in China in April of this year, a few months before hackers used it …”

Why use a publicly known vulnerability?

At the very least it is likely to get fairly quickly patched.

But there is also the “bluff, double bluff” aspect.

Using the “zero-day” exploit in the hacking campaign against Hong Kong activists, is shall we say “a little obvious”.

After a few moments thought it will be realised that the exploit was not really a “zero-day” because of that “security conference in China” where it was presented. So it would have been “Known” to all the major SigInt and other IC entities very very shortly thereafter if not a little before (or even a lot before).

We know the CIA has “False Flag Operation” tools that can make any malware look like it has come from somewhere else because of the daft way attribution is decided in the US. It is also a fair assumption that all the Super-Powers, all Western, first-world, and quite a few second-world and corporate entities have such tools as well, and just about anyone else who grabbed a copy of that CIA tool set and could re-engineer it.

So the code could have come from anywhere.

Which begs a whole bunch of questions, one of which is,

1, Was it a false flag operation that was meant to be found, look like China, thus China gets blamed / embarrassed.

We know it’s possible like we also know there is a very long queue of entities that would gain from such an operation. Nearly all nations around the South China seas where China is extending its sphere of influence would be at the front of that queue.

2, Was it China giving itself “plausible deniability”.

That is use it assuming it will be found but giving themselves lots of finger pointing room…

The fact is that “attribution” without real “boots on the ground” HumInt is at best more miss than hit.

For instance the world mostly saw stuxnet as an attack on Iran, even though there was clear evidence at the time it was aimed at the Far East, especially North Korea. Some identified it as such even before the North Koreans made it abundantly clear they had significant reason to believe they were the target. The various organisations who examined the code all fell into line that it was aimed at Iran. Eventually it came out that yes for the US the target of stuxnet was North Korea. For some of us “no surprises there”.

Speaking of which, the South Korean Olympics. We know that both the NSA and CIA are all over a host nation’s telecommunications, even if the host nation does not in any way “want such help”. So South Korea would have been effectively “owned by them”, yet a major cyber-attack happened… The US just “knee jerk” attributed it to North Korea, even though North Korea was on the friendliest of terms with South Korea for many years. I guess it really astounded the Russians who had carried out the attacks quite overtly to send a message to the IOA over Russia being banned due to “doping scandals”…

So if the alleged experts really can not do attribution, it leaves open so many opportunities for bluff and double bluff etc.

Whilst I would not in the slightest rule China out, I would roll quite a few nations in as well, and quite a few of those low life corporations.

In fact, I would not be surprised to hear eventually it was someone like the NSO Group or other Israeli “Cyber-weapons-4-All” shop, or similar backed by UK “seed money” organisation.

As normal we need more information to evaluate / analyse, which we don’t really have.

molliegilbert •

November 12, 2021 12:27 PM

When you start playing a new game, it can sometimes take a short period of time to get to grips with the ranking system dota 2 bet and how everything works. This guide will help fully explain everything you need to know about Dota 2 ranks and how they work. There are a few things you need to know before breaking down each rank on the card. This is because we are focusing solely on ranked matchmaking ranks in Dota 2, so some FAQs could clear up.

dota 2 bet

November 12, 2021 12:27 PM

When you start playing a new game, it can sometimes take a short period of time to get to grips with the ranking system and how everything works. This guide will help fully explain everything you need to know about Dota 2 ranks and how they work. There are a few things you need to know before breaking down each rank on the card. This is because we are focusing solely on ranked matchmaking ranks in Dota 2, so some FAQs could clear up.

enney Beverly •

November 12, 2021 12:28 PM

Before jumping right into the world of Rust, a player will have to get rid of the first hurdle in the game, which is choosing the correct server. The server will either make their game experience a nightmare or a https://csgo-bets.org/csgoroll/ luxury. A player should make sure the server is available in their location. If one picks a host located on the opposite side of their area, then lag issues may occur. Therefore, selecting a random server is a big no in this game.

JonKnowsNothing •

November 12, 2021 12:29 PM

@Clive, @All

re: Attribution vs Boots&Bothers

There are no doubts that attribution is incredibly difficult and often takes decades to sort out (booking. co m) but there are other aspects that are not at all opaque:

  the real world consequences

Although even those may be problematic due to those WanderingCamelsWithWeaponsOfMassDestruction so near and dear to a lately departed General.

Even so, there are folks disappearing in the vortexes of many governments, agencies and localities using these sorts of exploits, especially the exploits left unpatched. It may be happenstance that APerson gets picked up after using ZApp but when ManyPersons get picked up after using ZApp there is a natural lean towards the WhomzRClosest.

As you have indicated there is a CounterPointer such as the current experience of a VeryHungryGuyWaiting4BorisToPayUP so his spouse can return home. The HungryGuy has been waiting for many years and doesn’t look like BorisWillPayAnyTimeZoom. One might guess that there is a hidden value to the NoPayNoExchange; a value that would disappear should the exchange happen. What that might be is a guess in the Attribution Game.

While the Attribution Game is ongoing in many locations, a big pointer shifts in the direction of the physical results.

eg: Gitmo did not fill up by osmosis, US planes did not change their immutable ID numbers in Ireland by themselves. One plane lands and never leaves. Another plane that never existed takes off.

- •

November 12, 2021 12:35 PM

@Moderator:

1, molliegilbert
2, dota 2 bet
3, enney Beverly

Unsolicited Advertising for illegal services in some jurisdictions.

E •

November 12, 2021 1:49 PM

You need to protect your SECURITY BLOG from spam/nefarious comments!!
