Hackers Used macOS Zero-Day Against Hong Kong Users in Watering Hole Attacks

NSO Pegasus spyware reportedly found on high-ranking Palestinian diplomats' phones, FBI issues warning about Iranian hackers, Israel removes LGBTQ website from internet for faulty security, more

Cynthia Brumfield
Nov 12, 2021

In yet another example of zero-day vulnerabilities exploited in the wild, Google’s Threat Analysis Group (TAG) discovered in late August 2021 watering hole attacks targeting visitors to Hong Kong websites belonging to a media outlet and a prominent pro-democracy labor and political group.

The websites leveraged for the attacks contained two iframes that served exploits from an attacker-controlled server, one for iOS and another for macOS. The iOS exploit chain used a framework based on Ironsquirrel to encrypt exploits delivered to the victim's browser. The landing page contained a simple HTML page loading two scripts for the macOS exploit, one for Capstone.js and another for the exploit chain.

Both attacks chained multiple vulnerabilities together so attackers could take control of victim devices to install their malware. The macOS version involved the exploitation of a WebKit vulnerability and a kernel bug.

In both attacks, the distributed malware ran in the background and could dow…
