A Chinese hacking group has been found leveraging a new exploit chain in iOS devices to install a spyware implant targeting the Uyghur Muslim minority in China’s autonomous region of Xinjiang.
The findings, published by digital forensics firm Volexity, reveal that the exploit — named “Insomnia” — works against iOS versions 12.3, 12.3.1, and 12.3.2 using a flaw in WebKit that was patched by Apple with the release of iOS 12.4 in July 2019.
Volexity said the attacks were carried out by a state-sponsored hacking group it calls Evil Eye, the same threat actor that it said was behind a series of attacks against the Uyghurs last September following a bombshell disclosure by Google’s Project Zero team.
China has long considered Xinjiang a breeding ground for “separatists, terrorists and religious extremists,” with the residents of the region — ethnically Turkic Muslims — thrown into concentration camps, and subjected to persecution and high-tech surveillance.
images from Hacker News