China Was Using the iPhone ‘Watering Hole’ Websites to Spy on Uyghur Muslims

Last updated June 29, 2021
Written by:
Bill Toulas
Bill Toulas
Cybersecurity Journalist

After last week’s revelation about a set of 'watering hole' websites that were targeting iPhones running all versions of iOS, the first signs of who was behind the operation have started to see the light. The initial discovery was the work of Google’s Project Zero researchers, and the description of how the data exfiltration on the infected devices happened indicated that the users could have very easily not realized a thing, even after years of being spied upon. With the operation making headlines all over the Web, more details about the surveillance operation have now surfaced on Forbes.

The newly published report says that not only iOS devices were targeted but also Android and Windows PCs. This means that there are plenty more victims than initially anticipated.  Secondly, it looks like the operation was supported by China, and the main target was the community of Uyghur Muslims living in the Xinjiang state. This is a minority Turkic ethnic group who has been vigorously targeted by the Chinese state in the past few years. Back in July, we saw how Chinese state spyware that was forcibly installed onto the devices of all visitors who enter the Xinjiang territory was searching for Islamic state documents, jihadi anthems, and even Quran verses. It is obvious that the Chinese regime isn’t fond of Muslims and automatically qualifies them as a problem for the state.

All that said, the unnamed websites that were used in this mass surveillance operation must have to do with the targeted ethnic group, possibly featuring something relevant to their religion and culture. TechCrunch dug deeper into the matter and confirmed that the FBI knew about the malicious nature of some of these domains, and had informed Google to remove them from its index in order to protect people from getting infected with spyware. Remember, these websites were indiscriminately infecting anyone who visited them, and not just Uyghurs. While the websites still remain unknown to the public, the main takeaway from this story is that no one is safe when browsing the web, no matter the operating system they’re using.

Have something to comment on the above? Feel free to share your thoughts with us in the comments down below, or on our socials, on Facebook and Twitter.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: