Unveiling Operation Triangulation: A Disturbing Mobile APT Targeting iOS Devices

In a groundbreaking discovery, researchers at Kaspersky have exposed an ongoing mobile Advanced Persistent Threat (APT) campaign that poses a significant risk to iOS device users. Termed “Operation Triangulation,” this covert operation employs previously unknown malware and employs zero-click exploits distributed through iMessage. The ultimate objective of this insidious campaign is to gain complete control over the targeted devices and discreetly spy on the affected users.

The revelation of this new mobile APT campaign came to light as Kaspersky experts diligently monitored network traffic on their corporate Wi-Fi network using the advanced Kaspersky Unified Monitoring and Analysis Platform (KUMA). Their observations led to the startling realization that the threat actor had been systematically targeting iOS devices belonging to dozens of company employees.

Though the investigation into this attack technique is still underway, Kaspersky researchers have made headway in understanding the general sequence of infection. The victim receives a seemingly innocuous iMessage with an attachment containing a zero-click exploit. Without any interaction required, the message triggers a vulnerability, facilitating code execution for privilege escalation and providing the attacker with full control over the compromised device. Once successfully entrenched within the device, the message is automatically erased from existence.

Unbeknownst to the victims, this insidious spyware covertly transmits private information to remote servers. This compromised data includes microphone recordings, photos from instant messengers, geolocation data, and various other activities conducted by the unsuspecting device owners.

Importantly, the analysis conducted thus far has determined that Kaspersky’s products, technologies, and services remain unaffected by this attack. Moreover, no Kaspersky customer user data or critical company processes have been compromised. The attackers’ access was limited solely to the data stored on the infected devices. While not definitive, it appears that this attack was not exclusively aimed at Kaspersky; the company merely happened to be the first to uncover it. In the coming days, a clearer understanding of the global impact of this cyber attack is expected to emerge.

Commenting on this disconcerting development, Igor Kuznetsov, the head of the EEMEA unit at Kaspersky’s Global Research and Analysis Team (GReAT), emphasized the vulnerability even the most secure operating systems face in the realm of cybersecurity. He stressed the criticality of businesses prioritizing the security of their systems by investing in employee education, awareness, and equipping them with the latest threat intelligence and tools to effectively recognize and defend against potential threats. Kuznetsov further added that the investigation into Operation Triangulation continues, with more details expected to be shared soon, as it is highly likely that the spy operation targets extend beyond Kaspersky’s own network.

To check whether your iOS device has been infected, please follow the instructions provided on the website.

To mitigate the risk of falling victim to a targeted attack by either known or unknown threat actors, Kaspersky researchers recommend implementing the following precautionary measures:

  1. Deploy a reliable security solution for businesses, such as the Kaspersky Unified Monitoring and Analysis Platform (KUMA), to enable endpoint-level detection, investigation, and timely remediation of incidents.
  2. Regularly update the Microsoft Windows OS and other third-party software to ensure vulnerabilities are promptly addressed.
  3. Grant your Security Operations Center (SOC) team access to the latest threat intelligence (TI). Kaspersky Threat Intelligence serves as a comprehensive resource, offering cyberattack data and insights accumulated by Kaspersky over two decades.
  4. Enhance your cybersecurity team’s capabilities by providing them with Kaspersky’s online training programs developed by GReAT experts, empowering them to combat the latest targeted threats effectively.
  5. Introduce security awareness training for your team, focusing on practical skills to thwart phishing attacks and other social engineering techniques. Consider leveraging the Kaspersky Automated Security Awareness Platform for comprehensive employee education.

By proactively implementing these measures, organizations can bolster their defenses against targeted attacks and ensure the safety of their valuable data and systems.

6 June 2023

Author: Terry KS

Share This Post On