Chinese Hackers Target Smartphones with Zero-Click Attacks
A sophisticated cyberattack targeting smartphones has raised serious concerns about the vulnerabilities of mobile devices and the increasing threat posed by foreign actors, particularly China. The attacks, which have been detected across various sectors including politics, media, and technology, underscore the growing risks associated with mobile security. The campaigns, which began in late 2024 and continued into 2025, exploit previously unknown vulnerabilities within smartphone operating systems, enabling hackers to access sensitive communications without any action from the device owner.
Cybersecurity investigators initially discovered the attacks when they noticed a pattern of unusual crashes on smartphones belonging to individuals with high-profile positions. These included people working in government, journalism, and tech industries, all of whom had previously been targeted by Chinese hackers. The discovery of the anomalies pointed to a potentially new form of cyberattack, one that could be carried out without any user interaction, relying instead on flaws in the mobile software itself. Investigations revealed that the iPhones in question had been compromised through a vulnerability within the operating system’s “imagent” process, a part of the device that helps manage communication-related tasks. This flaw allowed attackers to infiltrate the phone and gain access to private information, including text messages and phone calls.
The vulnerability was eventually patched by Apple in the iOS 18.3 update, but the potential for similar attacks remains. Experts warn that mobile devices have become prime targets for hackers, as they hold a wealth of sensitive data, from personal communications to business secrets and government information. The widespread use of smartphones, paired with the increasing sophistication of cyberattacks, has made these devices a critical point of concern for national security.
One of the most troubling aspects of these attacks is the difficulty in tracing the perpetrators. While investigators were able to identify the compromised phones and observe the malicious activity, they were unable to definitively identify the hackers responsible. However, the circumstantial evidence strongly suggests that the attacks were state-sponsored, with many of the victims having been previously targeted by Chinese actors. The targets’ associations with high-level political or business activity, particularly in areas that could be of interest to China, further point to the likelihood of these attacks being part of a broader espionage campaign.
The use of zero-click exploits, which do not require any user interaction, makes these attacks especially dangerous. Traditionally, many cyberattacks rely on phishing emails or malicious links to lure victims into clicking and unwittingly installing malware. However, zero-click attacks exploit flaws in the software itself, allowing hackers to gain access without requiring the user to take any action. This method is much harder to defend against, as it bypasses typical security measures that rely on user caution.
In one particularly alarming case, investigators detected rapid-fire iMessage updates sent to the affected devices, causing memory corruption that could then be exploited. This vulnerability, now known as NICKNAME, was tied to a crash pattern observed on the affected devices, which appeared exclusively on high-value targets. The highly specific nature of the crash, occurring in less than 0.001% of crash logs, made it an anomaly, and its exclusive appearance on devices belonging to individuals with clear geopolitical relevance only deepened concerns that these attacks were not random.
The targeted individuals were often involved in business or political activities of interest to the Chinese government, including dealings that were seen as counter to China’s objectives. This, coupled with the evidence of successful exploitation and subsequent efforts to erase traces of the attack, paints a picture of a deliberate and calculated espionage operation aimed at gathering intelligence on high-profile figures and sensitive communications. That these individuals relied on iMessage and other secure messaging apps such as Signal shows the lengths to which attackers now go to bypass encrypted communication.
The compromised devices displayed behaviors commonly associated with advanced spyware attacks, including the bulk deletion of iMessage attachments and anomalous crashes. Despite the lack of conclusive proof that the attacks were successful in all cases, the circumstantial evidence and the rare nature of the crashes leave little doubt that the devices had been compromised, granting attackers full access to sensitive conversations and information. In some cases, Apple even sent threat notifications to government officials, warning them about the possibility of compromise.
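The indicators described above (a crash in the imagent process that is rare fleet-wide, a memory-corruption style exception, and bulk deletion of iMessage attachments on the same device) lend themselves to a simple triage pass over collected crash records. The script below is an added example, not code from the article or from any investigator cited in it: the record fields, the sample events, the thresholds, and the choice of EXC_BAD_ACCESS as a stand-in for a memory-corruption crash are all constructed assumptions, so adapt the parsing to whatever crash-log format your device fleet actually exports.

```python
"""Triage constructed crash-log records for the indicators the article describes.
Assumptions (not from the article): each record is a dict with a 'device' and an
'event' of either 'crash' (with 'process' and 'exception') or 'attachment_delete'
(with a 'count'). Thresholds are illustrative."""
from collections import Counter, defaultdict

# Exception names treated as memory-corruption style crashes (assumption; these
# are real Mach exception names, but the mapping to this campaign is illustrative).
MEMORY_CORRUPTION_EXCEPTIONS = {"EXC_BAD_ACCESS", "EXC_BAD_INSTRUCTION"}

# Constructed sample events: routine app crashes across a small fleet, one device
# (dev-07) with repeated imagent crashes followed by bulk attachment deletion,
# one device (dev-03) with a single imagent crash, and one routine cleanup.
SAMPLE_EVENTS = [
    *[{"device": f"dev-{i:02d}", "event": "crash", "process": "Safari", "exception": "EXC_CRASH"}
      for i in range(1, 21) for _ in range(5)],                       # 100 Safari crashes
    *[{"device": f"dev-{i:02d}", "event": "crash", "process": "Mail", "exception": "EXC_CRASH"}
      for i in range(1, 11) for _ in range(5)],                       # 50 Mail crashes
    {"device": "dev-07", "event": "crash", "process": "imagent", "exception": "EXC_BAD_ACCESS"},
    {"device": "dev-07", "event": "crash", "process": "imagent", "exception": "EXC_BAD_ACCESS"},
    {"device": "dev-07", "event": "attachment_delete", "count": 180},
    {"device": "dev-03", "event": "crash", "process": "imagent", "exception": "EXC_BAD_ACCESS"},
    {"device": "dev-02", "event": "attachment_delete", "count": 3},
]


def crash_share_by_process(events):
    """Fraction of all crash records attributed to each process (fleet-wide)."""
    crashes = [e for e in events if e["event"] == "crash"]
    if not crashes:
        return {}
    counts = Counter(e["process"] for e in crashes)
    return {proc: n / len(crashes) for proc, n in counts.items()}


def rare_processes(events, max_share=0.05):
    """Processes whose crash share is at or below max_share. The article's real
    figure was under 0.001% of crash logs; the threshold here suits the tiny
    constructed fleet and should be tightened against a real corpus."""
    return {proc for proc, share in crash_share_by_process(events).items() if share <= max_share}


def triage_devices(events, max_share=0.05, bulk_delete_threshold=50):
    """Collect the distinct indicators seen on each device and score by how
    many distinct indicators co-occur. Only devices with at least one
    indicator are returned: {device: {"indicators": [...], "score": int}}."""
    rare = rare_processes(events, max_share)
    per_device = defaultdict(list)
    for e in events:
        per_device[e["device"]].append(e)

    findings = {}
    for device, evs in per_device.items():
        indicators = []
        for e in evs:
            if e["event"] == "crash" and e["process"] in rare:
                indicators.append(f"rare-process crash: {e['process']}")
                if e["exception"] in MEMORY_CORRUPTION_EXCEPTIONS:
                    indicators.append(f"memory-corruption exception: {e['exception']}")
            elif e["event"] == "attachment_delete" and e["count"] >= bulk_delete_threshold:
                indicators.append(f"bulk attachment deletion: {e['count']}")
        distinct = list(dict.fromkeys(indicators))  # dedupe, keep first-seen order
        if distinct:
            findings[device] = {"indicators": distinct, "score": len(distinct)}
    return findings


def prioritize(findings):
    """Order flagged devices for analyst review: highest score first, then by name."""
    return sorted(((dev, f["score"]) for dev, f in findings.items()),
                  key=lambda item: (-item[1], item[0]))


if __name__ == "__main__":
    results = triage_devices(SAMPLE_EVENTS)
    for device, score in prioritize(results):
        print(device, score, results[device]["indicators"])
```

Running the block ranks dev-07 (rare imagent crash, memory-corruption exception, bulk deletion) ahead of dev-03 (a single imagent crash) and leaves the routine cleanup on dev-02 unflagged; the co-occurrence score, rather than any single indicator, is what distinguishes a likely compromise from an ordinary crash.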
While the immediate threat of this particular vulnerability was mitigated by Apple in its iOS 18.3 update, experts warn that it may be part of a larger exploit chain, with other elements still active. The attacks highlight the ongoing vulnerability of mobile devices and their associated applications, which are often overlooked in security protocols. Even though many smartphones come with built-in security features, apps and connected devices remain weak points that can be exploited by hackers. A compromised phone can offer access to not just the device’s contents but also to the larger network it is connected to, opening up avenues for further exploitation.
The security risks posed by mobile devices are especially troubling when considering their critical role in national security. From government officials to business leaders, many high-profile figures use smartphones to communicate and access sensitive information. As these devices become integral to the functioning of modern society, the potential for them to be infiltrated by foreign actors poses a significant threat. The failure to adequately secure these devices could lead to breaches of national security and the loss of confidential information.
In light of these developments, cybersecurity experts urge organizations, particularly those in government and business sectors, to rethink their approach to mobile security. They warn that current practices, which often focus on securing traditional computer systems, are insufficient in the face of evolving threats targeting mobile platforms. The attack on high-profile targets serves as a reminder of the importance of safeguarding all communication channels, regardless of the encryption or security measures in place. As mobile devices continue to serve as both personal tools and integral components of business and governance, their security must be prioritized to protect against the growing risks of cyber espionage and state-sponsored attacks.