Chinese government apparently phishing iCloud account info with man-in-the-middle attack (Update: Apple confirms)

B0UTDYfCYAAHPRK

 

Update: Apple is aware of the attack, via CNBC. As expected, Apple’s own servers were not compromised.

Although unconfirmed, GreatFire is reporting that Apple is now the subject of Chinese government hacking attempts. According to the report, the government is using the institutional firewall to redirect traffic directed at iCloud.com to a fake page that resembles the iCloud.com interface almost perfectly.

Like other phishing attacks, this page is pretending to be Apple’s portal but instead intercepts entered usernames and passwords for other means. Although some browsers in China are set up to warn users about these kind of man-in-the-middle attacks, many don’t and (assumedly) many citizens disregard the warnings as the site appears quite genuine otherwise.

Read more