Hackers have reportedly begun targeting iCloud users in mainland China, utilizing a so-called "man-in-the-middle" approach in an attempt to steal user information, with one group accusing the Chinese government itself of perpetrating the attack.
The attacks were first revealed by Chinese activist group GreatFire.org, which said the latest efforts resemble previous attacks on Google, Yahoo, and Microsoft Hotmail. The organization has alleged that China's government is involved in the attacks, according to Reuters.
The attacks are said to have incredibly deep access to the servers of Chinese Internet providers, leading to speculation that the government-owned companies are cooperating in the attack. Security researchers say that Greatfire.org's claims appear to be accurate, though the Chinese government has denied the accusations.
The attacks first came to light when users in China began to receive security warnings from Apple's iCloud service. That led Chinese Internet activist Zhou Shuguang to investigate.
According to The Wall Street Journal, Zhou found that a so-called "man-in-the-middle" attack had been implemented between iCloud users and the server where data is hosted. His findings were also corroborated by security analyst Erik Hjelmvik of Netresec AB, who called the attack "quite massive" and "sophisticated."
Analysts who spoke with the Journal alleged that Chinese iCloud users' data stored in the cloud, including usernames and passwords, could be at risk if the attackers can decrypt the communication between users and iCloud servers in China. However, there was no immediate evidence that the hackers have been able to decrypt the data.
And while GreatFire.org has accused the Chinese government of being volved, some critics say the fact that users are alerted of security warnings suggest attack is too easily detected for the government to have played a part.