apple patient
  • Home
  • News
  • Rumors
  • Tips & Tricks
  • Reviews
  • Insights
No Result
View All Result
  • Home
  • News
  • Rumors
  • Tips & Tricks
  • Reviews
  • Insights
No Result
View All Result
apple patient
No Result
View All Result

Hackers are attacking iCloud backups via fake Apple websites

by Milan
14. April 2026 - 00:29
in Apple News
iCloud backups Apple

Image: Shutterstock / FamVeld

A years-long hack-for-hire campaign has specifically targeted the iCloud backups of journalists, activists, and government officials. The attackers used fake Apple websites to steal Apple ID credentials.

While the security debate surrounding Apple has recently focused on technically complex exploits like Coruna and DarkSword, a new study shows that well-known methods remain alarmingly effective. Three cybersecurity organizations— Access Now, Lookout, and SMEX - have documented a coordinated hack-for-hire campaign that targeted individuals in the Middle East, North Africa, and beyond between 2023 and 2025. At the heart of the attacks on iPhone users were phishing sites that deceptively mimicked Apple's login pages.

The campaign was attributed to the group BITTER APT, which, according to Lookout, is an offshoot of the Indian hack-for-hire company Appin. Unlike the recently uncovered exploit chains that took advantage of technical vulnerabilities in iOS, BITTER APT relied on social engineering: The attackers tricked their targets into entering their Apple ID credentials on fake websites. With this data, they could then access the victims' iCloud backups—and thus the entire contents of their iPhones.

Nearly 1,500 fake domains

Lookout identified nearly 1,500 different web addresses in its report that served as phishing infrastructure. These included numerous domains that specifically imitated Apple services – such as variations like "facetime-web.me-en.io", "apple.id-us.cc", and "icloud.com-service.info". The fake pages were designed to be virtually indistinguishable from genuine Apple login pages.

The campaign wasn't limited to Apple: Google, Microsoft, Signal, WhatsApp, and Yahoo were also used as templates for phishing sites. The attackers adapted their methods depending on the platform and target audience.

Governments outsource hacking

The investigation confirms a growing trend: government agencies are contracting private hack-for-hire companies to conduct surveillance operations. This offers two advantages for the clients: the hacking group operates the entire infrastructure, providing the client with plausible deniability. At the same time, hiring such groups is significantly cheaper than purchasing commercial spyware like Pegasus.

The documented targets included journalists, civil society actors, and government officials in several countries in the Middle East and North Africa, as well as in Great Britain. Individuals with connections to US universities were also affected.

  • Recognizing Smishing: How to protect yourself from SMS fraud
  • Create and manage secure passwords: The Apple guide
  • WhatsApp hacked: How to protect your Account
  • Recognizing Phishing: How to protect yourself from fraud

What iPhone users can do

This case underscores that technical security measures are only as strong as their weakest link – and that is often the human element. Apple's anti-theft features and encryption technologies do not protect against phishing if users voluntarily enter their login credentials on a fake website.

The most important protective measures: Enable two-factor authentication for your Apple ID (if you haven't already), be generally suspicious of links in emails and messages, and never enter your Apple ID credentials on websites that are not directly accessible via apple.com. Apple's hardware security key support offers additional protection for particularly vulnerable individuals.

Anyone who suspects they have been the target of such an attack should immediately change their Apple ID password and check which devices are linked to their account – via "Settings" > their name > "Devices". (Image: Shutterstock / FamVeld)

  • iOS 26.5 Beta 2: Apple continues testing phase
  • Apple's AI chief John Giannandrea is leaving the Company
  • Mac mini & Mac Studio: Apple stops orders for some models
  • Apple becomes smartphone market leader for the first time in a first quarter
  • Apple showcases AI and AirPods Pro 3 Research at CHI 2026
  • WhatsApp brings Status Updates to the Chats tab
  • FBI recovered deleted Signal Messages via iPhone Database
  • Mac sales grow by 9 percent and outperform the PC market
  • OpenAI halves the price of ChatGPT Pro – with a focus on Codex
  • macOS 26.4.1 released: Bug fixes for the Mac
  • Apple Intelligence vulnerable to prompt injection attacks
  • Apple requests Samsung Data in US Antitrust Case
  • iOS 26.4.1 activates Theft Protection on Company iPhones
  • Self-Service Repair: New parts for MacBook Neo & Co.
  • iOS 26.4.1 fixes serious iCloud sync bug
  • iPhone dominates Smartphone Ranking: Five Models in the Top 10
  • iOS 26.4.1 is here: Apple releases bugfix Update
  • Apple ranks last in Repairability – with one exception
  • WhatsApp is getting a new CarPlay App with full Functionality
  • Apple develops AI Tool for UI Prototypes
  • Apple and Anthropic are jointly hunting for Security Vulnerabilities
  • Studio Display XDR receives FDA approval for Radiology
  • Apple Patent: Vision Pro could become modular and upgradeable
  • Steam Link comes natively to the Apple Vision Pro
Have you already checked out our Amazon Storefront? You'll find a hand-picked selection of various products for your iPhone and other devices there – enjoy browsing.
This post contains affiliate links.
Prefer Apfelpatient on Google One click – and you'll see us more often on Google
Was this article helpful?
YesNo
Tags: Apple ServicesiCloudiOS
Previous Post

Use public Wi-Fi safely: How to protect your iPhone

Next Post

What Analysts expect from Apple's Q2 2026

Next Post
Apple Q2 2026

What Analysts expect from Apple's Q2 2026

Apple OpenAI

Apple is taking legal action against OpenAI – over AI hardware

July 11, 2026
Apple CarPlay iOS 27

CarPlay in iOS 27: All new features at a glance

July 10, 2026
Apple AI chips

Apple receives royalty-free access to AI chips in the Emirates

July 10, 2026

About APFELPATIENT

APFELPATIENT brings you the latest Apple news, product updates, guides, reviews and tips across the entire Apple ecosystem — from the iPhone to the Mac to the Apple Vision Pro. From the first rumors to confirmed news: researched responsibly.

Follow Apfelpatient

Facebook Instagram YouTube threads threads

Company

  • About Apfelpatient
  • Contact
  • Author Profiles

Community

  • Netiquette
  • Push Notifications
  • RSS feed

Legal

  • Legal Notice
  • Privacy Policy
  • Terms of Use
  • Cookie Settings
  • Affiliate Program

Resources

  • Sitemap

© 2026 Apfelpatient. All rights reserved.

No Result
View All Result
  • Home
  • News
  • Rumors
  • Tips & Tricks
  • Reviews
  • Insights

© 2026 Apfelpatient. All rights reserved. Page Directory

Change language to Deutsch