09:40
12:52
11:39
13:16
09:59
14:15
09:40
12:52
11:39
13:16
09:59
14:15
09:40
12:52
11:39
13:16
09:59
14:15
09:40
12:52
11:39
13:16
09:59
14:15
Kaspersky researchers have detected a sophisticated mobile Advanced Persistent Threat (APT) campaign called "Operation Triangulation," which specifically targets iOS devices using previously unknown malware.
The campaign, discovered during the monitoring of network traffic on Kaspersky's corporate Wi-Fi network, aims to gain complete control over devices and user data through zero-click exploits distributed via iMessage.
The investigation into Operation Triangulation is still ongoing, but initial findings reveal a concerning attack technique.
Victims receive iMessages with attachments containing zero-click exploits, which exploit vulnerabilities upon message delivery without any user interaction. This exploit triggers code execution for privilege escalation, providing the attacker with full control over the compromised device. Once established, the malware removes the message to avoid detection.
The spyware deployed in this campaign operates covertly, transmitting sensitive information to remote servers. This includes recorded audio from the device's microphone, images from instant messengers, geolocation data, and other user activities.
While the attack targeted many company employees, Kaspersky assures that their own products, technologies, services, and customer user data remained unaffected. Although the exact scope of the attack is yet to be determined, Kaspersky believes it was not specifically targeted at their organization. The company was the first to discover and report this threat.
Meanwhile Apple stated it has "never worked with any government to insert a backdoor into any apple product and never will."
Igor Kuznetsov, head of the EEMEA unit at Kaspersky Global Research and Analysis Team (GReAT), emphasized the importance of cybersecurity readiness in the face of evolving APT tactics. He stressed the need for businesses to prioritize employee education, awareness, and access to the latest threat intelligence and defense tools to effectively recognize and block potential threats.
Kaspersky's investigation into Operation Triangulation continues, with further details expected to be shared soon, as there may be targets beyond the Kaspersky organization affected by this spy operation.