The Chinese government is considered the likely culprit.
The websites stealing data from iPhones might have been used for particularly sinister purposes. TechCrunch sources claim the sites were part of a state-sponsored campaign, presumably from China, targeting the country’s Uyghur Muslim population. The pages would have let China swipe sensitive info like messages and passwords, not to mention track victims’ locations. Apple quietly fixed the issue with iOS 12.1.4 in February, but it’s possible that thousands of Uyghurs’ phones were compromised before then.
It’s not certain if the sites also targeted Android users, although Forbes sources said Android and Windows users were also in the crosshairs. China has used a number of tactics to compromise phones and crack down on Uyghur Muslims. Border guards have reportedly been installing surveillance apps on the Android phones of tourists entering the Xinjiang region. They can’t do the same on iPhones due to tighter app installation controls, but they’ve reportedly scanned the devices at the border.
The sites also inadvertently infected non-Uyghurs who found the pages in Google search, according to one of the tipsters. That apparently led the FBI to ask Google to de-index sites and reduce the number of infections. Google has declined to comment beyond the publicly available research info, while the FBI would neither confirm nor deny that it had been investigating.
If China was targeting Uyghurs with the sites, it wouldn’t have been surprising. The country has been conducting far-reaching surveillance in a bid to silence dissent in Xinjiang, including the reported use of face recognition to monitor people on watch lists. Hostile websites would have just been one resource among many to keep track of local Muslims and punish those who dare fall out of line.