Late last week, security researchers from Google’s Project Zero team provided us with fascinating details regarding a sophisticated exploit targeting iPhone users. The exploit itself relied upon a number of 0-day vulnerabilities and, somewhat curiously, indiscriminately installed malware on any device that happened to visit an infected website.
Once installed, the malware would collect a user’s photos, private messages, and passwords, and even send GPS location data in real time. Initially, the Project Zero team didn’t mention who was behind the malware or who it targeted, save for a cryptic message that it may have been designed to target a specific ethnic group.
A few days later, we now know a little bit more about the origins of the malware. Citing sources familiar with the matter, TechCrunch is reporting that the malware was likely a state-sponsored attack from China targeting the country’s Uyghur Muslim community.
“It’s part of the latest effort by the Chinese government to crack down on the minority Muslim community in recent history,” TechCrunch notes. “In the past year, Beijing has detained more than a million Uyghurs in internment camps, according to a United Nations human rights committee.”
Additionally, some Muslims in Uyghur areas have actually been banned from fasting during the month of Ramadan in years past.
Interestingly, subsequent reports have added that the malware in question didn’t just target iOS users. According to Forbes, the malware campaign also targeted Android and Windows users.
Speaking to the sophistication of the attack — which persisted for two years — sources tell Forbes that the malware on impacted sites was routinely updated to adapt to the computing usage habits of the Uyghur community.
Apple patched the iOS vulnerabilities back in February, but the broader takeaway here is that even a company as security-minded as Apple can be left playing catch-up when dealing with state-sponsored malware.