Security News Kaspersky's Employees Trojanized in Targeted Attack via iPhones

plat

Our experts have discovered an extremely complex, professional targeted cyberattack that uses Apple’s mobile devices. The purpose of the attack is the inconspicuous placing of spyware into the iPhones of employees of at least our company – both middle and top management.

The attack is carried out using an invisible iMessage with a malicious attachment, which, using a number of vulnerabilities in the iOS operating system, is executed on a device and installs spyware. The deployment of the spyware is completely hidden and requires no action from the user. The spyware then quietly transmits private information to remote servers: microphone recordings, photos from instant messengers, geolocation, and data about a number of other activities of the owner of the infected device.

The article further states that Kaspersky is not the "main target" of the attack, and that it involves exploiting iPhones in general. Kaspersky promises updates on this matter in the future.

Original source

plat

More news as this develops. The Russian government has now reportedly accused the United States of targeting Russian iPhones in order to install spyware via the Triangulation Trojan. The link to the "official" declaration is in the Tweet, and since there's a red stroke through the padlock signifying an insecure site, I'm not linking it directly. If not Russian-speaking, you will have to translate the page from Russian to whichever language you speak/read.



I have partially translated the text already and will leave it to your discretion as to how to take this.

BryanB

Apple is denying claims made by Russia's Federal Security Service (FSB) that it cooperated with American spies to surveil Russian iPhone users. From a report: In a statement, the company said it has "never worked with any government to insert a backdoor into any Apple product and never will."

Trident

These 0-day, 0-click vulnerabilities, mainly in components like Safari's WebKit, iMessage and, last but not least, FaceTime, are becoming more and more widespread. And more serious. Even though Apple releases all sorts of updates, including Rapid Security Response (announced last June, and only one delivered, with a ton of issues), various vulnerabilities still linger unfixed.
Is Apple going to become one of these old money and old glory companies? Seems that way to me.

Zero Knowledge

Another headline you wouldn't see ten years ago?
Makes you wonder, doesn't it? The amount of research and development to get an exploit like this to work would be in the millions.

Even Apple, with billions of dollars in R&D and a huge security team, missed this. Now it's a question of who else is vulnerable to such exploits?

Brahman

Makes you wonder, doesn't it? The amount of research and development to get an exploit like this to work would be in the millions.

Even Apple, with billions of dollars in R&D and a huge security team, missed this. Now it's a question of who else is vulnerable to such exploits?
Everyone whom the CIA is interested in. It's not going to stop.

upnorth

Nothing new under the sun, either with Apple 0-days or with vendor employees getting hacked/breached in one way or another, but interesting to hear "again" how effective Kaspersky is at catching some creations. Then on the other hand, in this specific case it was always out of reach for normal peasants anyway:
the infection was detected by the Kaspersky Unified Monitoring and Analysis Platform (KUMA) – a native SIEM solution
and if it actually is the NSA, I doubt they worry much, as their toolbox is way, way deeper than just malware. Fair warning, it's a rabbit-hole extraordinaire. :coffee:

The analysis of the final payload is not finished yet.

Gandalf_The_Grey

In search of the Triangulation: triangle_check utility
In our initial blogpost about “Operation Triangulation”, we published a comprehensive guide on how to manually check iOS device backups for possible indicators of compromise using MVT. This process takes time and requires manual search for several types of indicators. To automate this process, we developed a dedicated utility to scan the backups and run all the checks. For Windows and Linux, this tool can be downloaded as a binary build, and for MacOS it can be simply installed as a Python package.
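The Kaspersky text quoted above describes scanning iOS device backups for indicators of compromise. The following is an added illustration of that backup-scanning approach and is not Kaspersky's triangle_check utility, nor MVT, nor any code from the thread. It relies on the documented layout of an iTunes/Finder backup (iOS 10 and later): a SQLite index, Manifest.db, whose Files table records the domain and relative path of every backed-up file and names the on-disk copy by the SHA-1 of "domain-relativePath". The indicator list and the sample backup rows are constructed placeholders, not real indicators; a real scan would load a published IoC set.

```python
"""Scan an iOS backup's Manifest.db for path-based indicators of compromise.

Added illustration; not Kaspersky's triangle_check and not MVT. Indicators
and sample data below are constructed placeholders.
"""
import hashlib
import os
import re
import sqlite3
import tempfile

# Constructed placeholder indicators: (domain pattern, relativePath pattern, label).
# They match nothing from a real investigation; substitute a published IoC set.
PLACEHOLDER_INDICATORS = [
    (r"^HomeDomain$", r"^Library/SMS/Attachments/.*/placeholder-ioc-\d+\.bin$",
     "placeholder: iMessage attachment name"),
    (r"^AppDomain-", r"^Library/Caches/placeholder-ioc\.plist$",
     "placeholder: cache file planted in an app container"),
]

# Constructed sample backup contents: (domain, relativePath). Two rows match the
# placeholders above; the rest are ordinary backup entries that must not match.
SAMPLE_ROWS = [
    ("HomeDomain", "Library/SMS/sms.db"),
    ("HomeDomain", "Library/SMS/Attachments/ab/11/placeholder-ioc-7.bin"),
    ("HomeDomain", "Library/SMS/Attachments/ab/11/IMG_0001.jpeg"),
    ("AppDomain-com.example.notes", "Library/Caches/placeholder-ioc.plist"),
    ("AppDomain-com.example.notes", "Library/Caches/benign.plist"),
    ("CameraRollDomain", "Media/DCIM/100APPLE/IMG_0002.HEIC"),
]


def backup_file_id(domain: str, relative_path: str) -> str:
    """Manifest.db fileID: hex SHA-1 of 'domain-relativePath' (real backup convention)."""
    return hashlib.sha1(f"{domain}-{relative_path}".encode("utf-8")).hexdigest()


def build_sample_manifest(directory: str) -> str:
    """Write a minimal Manifest.db with the real Files table layout, filled with constructed rows."""
    path = os.path.join(directory, "Manifest.db")
    con = sqlite3.connect(path)
    try:
        con.execute(
            "CREATE TABLE Files (fileID TEXT PRIMARY KEY, domain TEXT, "
            "relativePath TEXT, flags INTEGER, file BLOB)"
        )
        # flags=1 marks a regular file in real manifests; file BLOB (metadata plist) omitted here.
        con.executemany(
            "INSERT INTO Files VALUES (?, ?, ?, 1, NULL)",
            [(backup_file_id(d, p), d, p) for d, p in SAMPLE_ROWS],
        )
        con.commit()
    finally:
        con.close()
    return path


def scan_manifest(manifest_path: str, indicators=PLACEHOLDER_INDICATORS):
    """Return (fileID, domain, relativePath, label) for every Files row matching an indicator.

    The database is opened read-only so a scan never alters the evidence."""
    compiled = [(re.compile(d), re.compile(p), label) for d, p, label in indicators]
    hits = []
    con = sqlite3.connect(f"file:{manifest_path}?mode=ro", uri=True)
    try:
        rows = con.execute(
            "SELECT fileID, domain, relativePath FROM Files WHERE relativePath IS NOT NULL"
        )
        for file_id, domain, rel in rows:
            for d_re, p_re, label in compiled:
                if d_re.search(domain) and p_re.search(rel):
                    hits.append((file_id, domain, rel, label))
                    break  # one label per file is enough for triage
    finally:
        con.close()
    return hits


def run_demo():
    """Build the constructed backup in a temp dir, scan it, and return the hits."""
    with tempfile.TemporaryDirectory() as tmp:
        return scan_manifest(build_sample_manifest(tmp))


if __name__ == "__main__":
    for file_id, domain, rel, label in run_demo():
        print(f"{file_id}  {domain}/{rel}  <- {label}")
```

Against a real backup, point scan_manifest at the Manifest.db inside the backup folder and replace PLACEHOLDER_INDICATORS with the published indicator patterns; the fileID returned for each hit names the copy of the file on disk (under a subfolder of its first two hex characters), which is what an analyst would pull for further examination.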
