Attempts to log in to Apple’s iCloud in China sees users directed to a spoof website which may be an attempt by the state to harvest passwords.
The country’s firewall is blocking all connections to Apple’s login page and instead directing them to a dummy site that looks virtually identical.
Those using Chrome and Firefox browsers are automatically notified that they are no longer on Apple’s website, but users of Chinese browser Qihoo will see no indication of the issue.
iCloud stores information including documents, iMessages, photos, emails and contact information.
If the perpetrator of the attack is confirmed to be Chinese state, it would be the first time it has directly targeted an Apple service.
However, web censorship watchdog Great Fire said: “Apple has a long history of working with the Chinese authorities to self-censor content in China.
“While we worry for Chinese users who may have their accounts compromised, we are shedding no tears for the Apple executives.”
The site pointed out that similar attacks using the man-in-the-middle technique have hit Google and Microsoft this year.
Apple recently added disk encryption by default to its mobile operating system, a move which drew complaints from the FBI and other law enforcement agencies.