Google discovered that hackers attacked Mac users
Google researchers have discovered that attackers exploited a previously unknown vulnerability in Apple's macOS to target users in Hong Kong. According to the researchers, the attacks bear the hallmarks of government-backed hackers.
Google's Threat Analysis Group has published a report detailing the hacking activity. The researchers did not attribute it to a specific hacking group or country, but said it appears to be the work of a well-resourced group that could be state-backed.
"We don't have enough technical evidence for attribution, and we're not speculating about attribution," said Shane Huntley, head of the Threat Analysis Group. However, the nature and targets of the activity are consistent with those of government-backed actors.
The Threat Analysis Group discovered the activity in late August of this year. The attackers planted their exploit code on the legitimate websites of a Hong Kong media outlet and of a prominent pro-democracy labor and political group, a so-called watering-hole attack.
Visitors to these pages were hit by an exploit chain that combined the previously unknown vulnerability with an already patched macOS vulnerability in order to install a backdoor on their computers.
Apple fixed the vulnerabilities used in this campaign in an update released on September 23. Google's researchers were able to obtain and investigate the exploits by visiting the compromised websites.
The websites served exploits for both iOS and macOS, but the researchers were only able to recover the macOS exploit chain. The vulnerability is similar to one that another Google researcher had analyzed in the past.
Google: For Hong Kong users
In addition, the vulnerabilities used in this activity are the same ones previously discovered by the security research team Pangu Lab.
Pangu Lab researchers demonstrated the vulnerabilities at a Chinese security conference in April of this year. In other words, the same vulnerabilities were being used by attackers against users in Hong Kong just a few months later.
According to Google, this is a serious macOS vulnerability, and the researchers found that it also affects the older macOS Catalina.
Apple security researcher Patrick Wardle reviewed Google's findings and analyzed the malware himself after downloading it from VirusTotal, a malware repository owned by Google.
Wardle, who develops a number of free and open-source security tools for the Mac, said it was no surprise that advanced hacking groups exploit Mac vulnerabilities.
What he found interesting in this case, he explained, was that the attackers combined previously known vulnerabilities with an unknown one.
Wardle found that the malware contained a number of Chinese-language strings, such as one meaning INSTALL (successful installation). He also found that the command-and-control server it contacted was located in Hong Kong.