While the attackers of Operation Triangulation remain a mystery for now, the speculations have already begun. Kaspersky researchers discovered a previously unknown mobile APT campaign targeting iOS devices. The campaign, which they are calling Operation Triangulation, uses zero-click exploits to infect devices via the iMessage platform. Once infected, the malware runs with root privileges, giving the attacker complete control over the device and user data.
Cold times: At the same time as Kaspersky’s investigation, Russia’s FSB (Federal Security Service) intelligence and security agency has made claims that Apple is working with the NSA. The Russian Federal Security Service claims that Apple deliberately provided the National Security Agency (NSA) with a backdoor, allowing malware to infect iPhones in Russia. A large number of hacked devices belonging to Russian government officials and workers from various embassies, they claim, is more proof of this. The FSB has made these assertions, but it has not presented any evidence.
A previous Russian directive instructed the presidential staff and government workers to stop using iPhones and other products developed in the USA. The cyberattacks on Kaspersky’s Moscow headquarters and international staff have been verified. But, the business made clear that, without access to the government’s technical investigative data, it is unable to validate a direct relationship between its results and the FSB’s report. Nonetheless, the Russian CERT has issued a warning that is consistent with Kaspersky’s results and the FSB’s statement.
Meet the iPhone Trojan: How does Operation Triangulation work?
The first stage of Operation Triangulation involves sending the victim a malicious iMessage attachment. The attachment appears to be a legitimate file, such as a PDF or image. However, when the victim opens the attachment, the malware is installed on the device.
The malware then uses a zero-click exploit to gain root privileges on the device. This means that the attacker can do anything they want with the device, including stealing data, installing additional malware, or taking control of the device remotely.
“Due to the peculiarities of blocking iOS updates on infected devices, we have not yet found an effective way to remove spyware without losing user data. This can only be done by resetting infected iPhones to factory settings, installing the latest version of the operating system and the entire user environment from scratch. Otherwise, even if the spyware is deleted from the device memory following a reboot, Triangulation is still able to re-infect through vulnerabilities in an outdated version of iOS.”
-CEO Eugene Kaspersky explains on his blog
According to Kaspersky, the earliest evidence of infection dates back to 2019, yet the malware is still infecting iPhones today. On the bright side, the exploit has only been seen on iPhones running iOS 15.7 or earlier. Apple released iOS 15.7 in September 2022, and according to the Apple Developer Portal, more than 80% of all iPhones are running iOS 16 or later.
In any case, Eugene Kaspersky insists that “the main focus of this hack was not Kaspersky Lab.” Why so many Kaspersky products were affected, how broad the spyware assault actually is, and whether or not the typical iPhone user is at risk are all questions that remain unanswered.
Meanwhile, there is just one more reason to update your iPhone’s operating system regularly.
See how Photoshop AI Generative Fill feature changes designers’ lives, a thread
Operation Triangulation: How to protect yourself from the iPhone trojan?
Several measures exist against mobile APT campaigns like Operation Triangulation, and here are some of them you can easily follow:
- Do not open attachments from unknown senders: Even if the attachment appears to be from a legitimate source, it is best to err on the side of caution and not open it.
- Keep your device’s operating system and apps up to date: Software updates often include security patches that can help protect your device from known vulnerabilities.
- Use a security solution that can detect and block malicious apps: A good security solution can help protect your device from malware, even if you do open a malicious attachment.
The Operation Triangulation malware poses a significant risk to iOS users, according to Kaspersky. The advanced techniques used in this campaign allow the attacker to infect devices and take full control of them. It’s crucial to secure your mobile devices against this and similar APT tactics.