Moscow-based security firm Kaspersky has been hit by an advanced cyberattack that used clickless exploits to infect the iPhones of several dozen employees with malware that collects microphone recordings, photos, geolocation, and other data, company officials said.

“We are quite confident that Kaspersky was not the main target of this cyberattack,” Eugene Kaspersky, founder of the company, wrote in a post published on Thursday. “The coming days will bring more clarity and further details on the worldwide proliferation of the spyware.”

According to officials inside the Russian National Coordination Centre for Computer Incidents, the attacks were part of a broader campaign by the US National Security Agency that infected several thousand iPhones belonging to people inside diplomatic missions and embassies in Russia, specifically from those located in NATO countries, post-Soviet nations, Israel, and China. A separate alert from the FSB, Russia's Federal Security Service, alleged Apple cooperated with the NSA in the campaign. An Apple representative denied the claim.

This clickless APT exploit will self destruct

The malware, which has been in use against Kaspersky employees for at least four years, was delivered in iMessage texts that attached a malicious file that automatically exploited one or more vulnerabilities without requiring the receiver to take any action. With that, the devices were infected with what Kaspersky researchers described as a “fully-featured APT platform.” APT is short for advanced persistent threat and refers to threat actors with nearly unlimited resources who target individuals over long periods of time. APTs are almost always backed by nation-states.

Once the APT malware was installed, the initial text message that started the infection chain was deleted. In Thursday’s post, Eugene Kaspersky wrote:

“The attack is carried out using an invisible iMessage with a malicious attachment, which, using a number of vulnerabilities in the iOS operating system, is executed on the device and installs spyware. The deployment of the spyware is completely hidden and requires no action from the user. Further, the spyware also quietly transmits private information to remote servers: microphone recordings, photos from instant messengers, geolocation and data about a number of other activities of the owner of the infected device. The attack is carried out as discreetly as possible, however, the fact of infection was detected by Kaspersky Unified Monitoring and Analysis Platform (KUMA), a native SIEM solution for information and event management; the system detected an anomaly in our network coming from Apple devices. Further investigation from our team showed that several dozen iPhones of our employees were infected with a new, extremely technologically sophisticated spyware we dubbed ‘Triangulation.’”

Operation Triangulation gets its name because the malware uses a technique known as canvas fingerprinting to discover what hardware and software a phone is equipped with. During this process, the malware “draws a yellow triangle in the device’s memory,” Eugene Kaspersky said.

Kaspersky researchers said the earliest traces of the Triangulation infections date back to 2019, and as of June 2023, attacks were ongoing. The most recent iOS version to be successfully targeted is 15.7, which was current as of last month. A Kaspersky representative said in an email that it's not clear if any of the vulnerabilities were zero-days, meaning they were unknown to Apple and unpatched in iOS at the time they were exploited.