As seen in Figure 2, an iframe was injected into pages served by bc.d100net – the section of the website used by subscribers – between September 30th and November 4th 2021. We could also confirm that the Internet Archive cached a copy of the web page on November 13th.

ESET researchers found another website, this time legitimate but compromised, that also distributed the same exploit during the few months prior to the Google TAG publication: the online, Hong Kong, pro-democracy radio station D100.

The very recent registration date of the fightforhkcom domain, October 19th, 2021, and the fact that the website is no longer accessible, support that idea. We can read on its home page “Liberate Hong Kong, the revolution of our times”. It was reported by Felix Aimé from SEKOIA.IO that one of the websites used to propagate the exploits was a fake website targeting Hong Kong activists.

DazzleSpy Mac malware

Although Google revealed some details at the time, it turns out that security researchers at ESET discovered it first, and the firm has now released more detailed information.

Based on the websites used for the attack, it’s not exactly hard to work out who was behind it. Watering hole attacks are so named because they are used at places where targets are likely to gather, such as particular types of websites.

The watering hole served an XNU privilege escalation vulnerability (CVE-2021-30869) unpatched in macOS Catalina, which led to the installation of a previously unreported backdoor.

Based on our findings, we believe this threat actor to be a well-resourced group, likely state backed, with access to their own software engineering team based on the quality of the payload code.

In late August 2021, TAG discovered watering hole attacks targeting visitors to Hong Kong websites for a media outlet and a prominent pro-democracy labor and political group.

To protect our users, TAG routinely hunts for 0-day vulnerabilities exploited in-the-wild.
Google’s Threat Analysis Group (TAG) first reported the attack back in November of last year. That discovery was, thankfully, made by a cybersecurity student who reported it to Apple. We learned yesterday about a hijack of the Mac webcam.

Security researchers have released details of DazzleSpy – Mac malware that enabled key-logging, screen captures, microphone access, and more.

DazzleSpy was used to target Hong Kong democracy activists, initially through a fake pro-democracy website, and later through a real one, in a so-called watering hole attack …