Chinese users recently attempting to access Apple’s iCloud online data storage service may have had their personal information stolen in what one cybersecurity firm claims was a high-level cyberattack backed by Chinese authorities.
GreatFire, an independent Chinese censorship watchdog, said the hack was a “man-in-the-middle” attack, in which hackers get access to users’ files by getting them to enter their login information into a fake login site. The hackers then set in “the middle” of users and the service, grabbing data at it’s transmitted between the two.
Apple confirmed the attack Tuesday, stating that it is “aware of intermittent organized network attacks using insecure certificates to obtain user information.” The firm added that the attacks “don’t compromise iCloud servers, and they don’t impact iCloud sign in on iOS devices or Macs running OS X Yosemite using the Safari browser.”
GreatFire said the hackers involved with the iCloud breaches used servers accessible by only state-run organizations and Chinese authorities, a sign the attacks had the blessing of such authorities. The hack came just as the iPhone 6 was released in China after a delay over the government’s security firms.
The iCloud attack follows a report earlier this month that “a very large organization or nation state” was putting malicious spyware onto iPhones and iPads belonging to Hong Kong’s pro-democracy protestors. GreatFire also previously reported that Chinese authorities had launched attacks on GitHub, Google, Yahoo and Microsoft in an apparent effort to censor those services.
“This is what nation states do to ‘protect’ their citizens. There is nothing surprising or unexpected in this revelation,” said Phil Lieberman, president of cybersecurity firm Lieberman Software. “It would not be hard to find other countries doing similar things.”