Kaspersky warns of “Operation Triangulation” iMessage attack
Kaspersky has warned about an ongoing attack on Apple’s iMessage called Operation Triangulation. The attacks, which started in 2019, use a zero-click, zero-day vulnerability that enables code execution and privilege escalation, and spyware is installed through a malicious iMessage attachment.
Using the Kaspersky Unified Monitoring and Analysis Platform (KUMA), the researchers discovered that the campaign can infiltrate devices without any user interaction. The vulnerability is triggered simply by receiving a malicious iMessage whose attachment contains the exploit. The spyware then exfiltrates private data, including microphone recordings, photos from instant messengers, geolocation information, and information about other sensitive activities, to remote servers.
To investigate compromised iPhones, the researchers used a mobile verification toolkit and created offline backups, which enabled them to determine whether the devices had been compromised. Further analysis revealed that the final payload of the breach was downloaded from a sophisticated advanced persistent threat (APT) platform. Although the exact nature of this payload is yet to be confirmed, it operates with root privileges and executes a series of commands to collect system and user information.
Mitigating this exploit appears relatively straightforward, as Kaspersky researchers have not encountered any compromised devices running iOS versions later than 15.7. This suggests that the vulnerability being exploited may have been addressed and patched in subsequent iOS updates.
The Russian Federal Security Service (FSB) has confirmed that both Russian citizens and diplomats have fallen victim to this vulnerability. Furthermore, the FSB has accused Apple and the United States National Security Agency (NSA) of orchestrating the attacks, an allegation that Apple vehemently denies.
The sources for this piece include an article in Forbes.