The watchdog site says it appears to be a nationwide attack on iCloud accounts, designed to make users think they are communicating with Apple when in fact they are not. The attackers in this case set up a fake website that looks like Apple iCloud. Using login credentials supplied by the user, the attacker is then able to steal personal information stored in iCloud.
In its blog post, GreatFire.org says the attack is what's known as a "man-in-the-middle" attack, a form of "active eavesdropping" that scoops up a user's personal data without their knowledge. It alleges that Chinese authorities are behind the attack. "This is clearly a malicious attack on Apple in an effort to gain access to usernames and passwords and consequently all data stored on iCloud," the site states.
GreatFire.org also attributed recent attacks against Google and Yahoo to a Chinese government effort to snoop on what information users are accessing. But in its blog post, it says "the Apple attack is different. If users ignored the security warning and clicked through to the Apple site and entered their username and password, this information has now been compromised by the Chinese authorities.... This may also somehow be related again to images and videos of the Hong Kong protests being shared on the mainland."
The Verge noted that "A similar attack is also being leveled against Microsoft's Login.live.com, the company's gateway for all account logins."
GreatFire.org advises Chinese iCloud users to protect themselves by using a VPN (virtual private network) or a trusted desktop browser that warns users of "man-in-the-middle" web attacks. They recommend Firefox or Chrome, but not Qihoo's Chinese 360 browser. They also urge users to take advantage of Apple's two-step verification feature.
Apple issued a statement on its website, saying: "We're aware of intermittent organized network attacks using insecure certificates to obtain user information... These attacks don't compromise iCloud servers, and they don't impact iCloud sign in on iOS devices or Macs running OS X Yosemite using the Safari browser."
Apple advises checking a site's digital security certificate before entering any information. It also notes that "the iCloud website is protected with a digital certificate... Users should never enter their Apple ID or password into a website that presents a certificate warning."