Google Caught Hackers Using a Mac Zero-Day Against Hong Kong Users

Google researchers caught hackers targeting users in Hong Kong exploiting what were at the time unknown vulnerabilities in Apple's Mac operating system. According to the researchers, the attacks have the hallmarks of government-backed hackers. From a report: On Thursday, Google's Threat Analysis Group (TAG), the company's elite team of hacker hunters, published a report detailing the hacking campaign. The researchers didn't go as far as pointing the finger at a specific hacking group or country, but they said it was "a well resourced group, likely state backed." "We do not have enough technical evidence to provide attribution and we do not speculate about attribution," the head of TAG Shane Huntley told Motherboard in an email. "However, the nature of the activity and targeting is consistent with a government backed actor." Erye Hernandez, the Google researcher who found the hacking campaign and authored the report, wrote that TAG discovered the campaign in late August of this year. The hackers had set up a watering hole attack, meaning they hid malware within the legitimate websites of "a media outlet and a prominent pro-democracy labor and political group" in Hong Kong. Users who visited those websites would get hacked with an unknown vulnerability -- in other words, a zero-day -- and another exploit that took advantage of a previously patched vulnerability for MacOS that was used to install a backdoor on their computers, according to Hernandez.

Read more of this story at Slashdot.

from Slashdot https://ift.tt/31YlN53

Share on FacebookPlus on Google+

SUBSCRIBE TO OUR NEWSLETTER