Article summary
- Cybersecurity firm Kaspersky has uncovered an ongoing mobile Advanced Persistent Threat (APT) campaign called ‘Operation Triangulation’ that targets iOS devices with unknown malware.
- The APT campaign distributes zero-click exploits via iMessage, allowing the malware to gain control over the device and user data for the purpose of spying on users.
- Kaspersky researchers discovered the campaign while monitoring network traffic and identified the general infection sequence, which involves sending a message with an attachment that triggers a vulnerability and provides full control over the device. The spyware then quietly transmits private information to remote servers.
A global cyber security firm, Kaspersky, said it has uncovered an ongoing mobile Advanced Persistent Threat (APT) campaign targeting iOS devices with unknown malware.
The cyber security firm made this known in its latest report on Friday. It said that the APT which was tagged as ‘Operation Triangulation’, distributes zero-click exploits via iMessage to run malware gaining complete control over the device and user data, with the final goal to spy on users.
It said that Kaspersky experts uncovered the new mobile APT campaign while monitoring the network traffic of its corporate Wi-Fi network using the Kaspersky Unified Monitoring and Analysis Platform (KUMA). Kaspersky added that upon further analysis, company researchers discovered that the threat actor had been targeting iOS devices of dozens of company employees.
How it operates
According to the company, the investigation of the attack technique is still ongoing, but so far Kaspersky researchers were able to identify the general infection sequence.
- “The victim receives a message via iMessage with an attachment containing a zero-click exploit. Without any further interaction, the message triggers a vulnerability that leads to code execution for privilege escalation and provides full control over the infected device.
- “Once the attacker successfully establishes its presence in the device, the message automatically deletes itself,” it said.
According to the report, the spyware quietly transmits private information to remote servers. This includes microphone recordings, photos from instant messengers, geolocation and data about a number of other activities of the owner of the infected device.
The report stated that during the analysis, it was confirmed that there was no impact on the company’s products, technologies, and services, and no Kaspersky customer user data or critical company processes were affected. It noted that the attackers could only access data stored on the infected devices.
No one is 100% secure
Commenting on the discovery, the Head of Eastern Europe, Middle East, and Africa Unit at Kaspersky, Igor Kuznetsov, said:
- “When it comes to cyber security, even the most secure operating systems can be compromised. As APT actors are constantly evolving their tactics and searching for new weaknesses to exploit, businesses must prioritize the security of their systems.”
Kuznetsov said this involved prioritizing employee education, and awareness and providing them with the latest threat intelligence and tools to effectively recognize and defend against potential threats. He added the company’s investigation of the triangulation operation continues, adding that further details on it would be shared as there could be other targets of this spy operation.
