Kaspersky researchers have discovered a persistent mobile Advanced Persistent Threat (APT) campaign that targets iOS devices with previously unidentified malware. The campaign, dubbed “Operation Triangulation,” uses iMessage to distribute zero-click exploits that launch malware and take full control of the device and user data, with the ultimate purpose of covertly spying on people.
Kaspersky specialists discovered the new mobile APT campaign while using the Kaspersky Unified Monitoring and Analysis Platform (KUMA) to monitor the network traffic of the company's corporate Wi-Fi network. Further investigation by the company's researchers revealed that the threat actor had been targeting the iOS devices of numerous employees.
Although Kaspersky experts are still investigating the attack method, they have so far been able to identify the general infection sequence. The victim received an iMessage with a zero-click exploit attached to it. Without any further interaction, the message exploited a flaw and allowed code execution for privilege escalation, giving the attacker complete control of the compromised device. The message was deleted automatically as soon as the attacker had established a presence on the device.
Additionally, the malware covertly transferred user data to remote servers, including geolocation, microphone recordings, photographs from instant messengers, and information on a variety of other activities of the device owner.
The analysis revealed no impact on the company's products, technologies, and services, and no Kaspersky users' personal information or crucial business operations were affected. Only the information kept on the compromised devices was accessible to the attackers. Although it cannot be confirmed, it is thought that Kaspersky was not specifically targeted and was merely the first to learn about the attack. More information regarding the global reach of this cyberattack will probably become available over the coming days.
Even the most secure operating systems can be vulnerable when it comes to cybersecurity. Businesses must make the security of their systems a top priority, since APT actors are continually changing their strategies and looking for new vulnerabilities to exploit. Igor Kuznetsov, head of the EEMEA division at Kaspersky Global Research and Analysis Team (GReAT), explained that this entails giving priority to employee education and awareness as well as equipping them with the most recent threat intelligence and technologies to efficiently recognize and defend against potential threats. “We are still looking into the Triangulation operation. Given that this spy operation may have targets outside of Kaspersky, we anticipate hearing more information about it soon.”