Security News Kaspersky's Employees Trojanized in Targeted Attack via iPhones

plat · Jun 1, 2023

Our experts have discovered an extremely complex, professional targeted cyberattack that uses Apple’s mobile devices. The purpose of the attack is the inconspicuous placing of spyware into the iPhones of employees of at least our company – both middle and top management.

The attack is carried out using an invisible iMessage with a malicious attachment, which, using a number of vulnerabilities in the iOS operating system, is executed on a device and installs spyware. The deployment of the spyware is completely hidden and requires no action from the user. The spyware then quietly transmits private information to remote servers: microphone recordings, photos from instant messengers, geolocation, and data about a number of other activities of the owner of the infected device.

The article further states that Kaspersky is not the "main target" of the attack, that it involves exploiting IPhones in general. K promises updates on this matter in the future.

Original source

plat · Jun 1, 2023

More news as this develops. The Russian government has now reportedly accused the United States of targeting Russian IPhones in order to install spyware via the Triangulation Trojan. The link to the "official" declaration is in the Tweet and since there's a red stroke thru the padlock signifying an insecure site, I'm not linking it directly. If not Russian-speaking, you will have to translate the page to whichever language you speak/read from Russian.

I have partially translated the text already and will leave it to your discretion as to how to take this.

R3j3ct · Jun 1, 2023

Russia says US hacked thousands of iPhones in iOS zero-click attacks

Russian cybersecurity firm Kaspersky says some iPhones on its network were hacked using an iOS vulnerability that installed malware via iMessage zero-click exploits. Russia blames these attacks on US intelligence agencies.

www.bleepingcomputer.com

BryanB · Jun 1, 2023

Apple is denying claims made by Russia's Federal Security Service (FSB) that it cooperated with American spies to surveil Russian iPhone users. From a report:In a statement, the company said it has "never worked with any government to insert a backdoor into any apple product and never will."

Apple Denies Surveillance Claims Made By Russia's FSB - Slashdot

Apple is denying claims made by Russia's Federal Security Service (FSB) that it cooperated with American spies to surveil Russian iPhone users. From a report: In a statement, the company said it has "never worked with any government to insert a backdoor into any apple product and never will."...

apple.slashdot.org

MuzzMelbourne · Jun 1, 2023

Mmmmm, big on jingoism, no mention of iOS version, Apple's response, or if its an issue after the latest iOS Rapid Security Response.

More information please Eugene...

MuzzMelbourne · Jun 1, 2023

Ahhh, now I see what's going on...

“Clickless” iOS exploits infect Kaspersky iPhones with never-before-seen malware

"Operation Triangulation" stole mic recordings, photos, geolocation, and more.

arstechnica.com

Russian government accuses Apple of colluding with NSA in iPhone spy operation

A Russian intelligence agency said thousands of iPhones were infected in an operation that shows "cooperation" between Apple and the NSA.

cyberscoop.com

Zero Knowledge · Jun 1, 2023

A one click zero-day invisible attachment iMessage exploit? That's pretty wild. Now that must have been a $2,000,000 exploit.

MuzzMelbourne · Jun 1, 2023

Zero Knowledge said:
A one click zero-day invisible attachment iMessage exploit?

Another headline you wouldn't see ten years ago?

Trident · Jun 1, 2023

These 0-day, 0-click vulnerabilities, mainly in components like Safari’s Web Kit, iMessage and last but not least, FaceTime are becoming more and more widespread. And more serious. Even though Apple releases all sorts of updates, including Rapid Security Response (announced last June and only 1 delivered with a ton of issues), various vulnerabilities still hinder unfixed.
Is Apple going to become one of these old money and old glory companies? Seems that way to me.

Zero Knowledge · Jun 1, 2023

MuzzMelbourne said:
Another headline you wouldn't see ten years ago?

Makes you wonder, doesn't it? The amount of research and development to get a exploit like this to work would be in the millions.

Even Apple with billions of dollars in R&D and huge security team missed this. Now it's a question of who else is vulnerable to such exploits?

Brahman · Jun 1, 2023

Zero Knowledge said:
Makes you wonder, doesn't it? The amount of research and development to get a exploit like this to work would be in the millions.

Even Apple with billions of dollars in R&D and huge security team missed this. Now it's a question of who else is vulnerable to such exploits?

Everyone whom CIA is interested in. It's not going to stop.

MuzzMelbourne · Jun 2, 2023

Brahman said:
Everyone whom CIA is interested in...

You know you're old and useless when you're fairly certain this doesn't apply to you...

upnorth · Jun 2, 2023

Nothing new under the sun either with Apple 0-days or that vendor employees gets hacked/breached in one way or the other, but interesting to hear " again " how effective Kaspersky is catching some creations. Then on the other hand, in this specific case it was always out of reach for normal peasants anyway:

the infection was detected by the Kaspersky Unified Monitoring and Analysis Platform (KUMA) – a native SIEM solution

and if it's actually is NSA, I doubt they worry much as their toolbox is way way deeper then just malware. Fair warning, it's a rabbit-hole extraordinaire.

https://www.nsa.gov/Portals/75/documents/what-we-do/research/technology-transfer/TTP%20Patent%20Portfolio%20v6.pdf

The analysis of the final payload is not finished yet.

Operation Triangulation: iOS devices targeted with previously unknown malware

While monitoring the traffic of our own corporate Wi-Fi network, we noticed suspicious activity that originated from several iOS-based phones. Since it is impossible to inspect modern iOS devices from the inside, we created offline backups of the devices, inspected them and discovered traces of...

securelist.com

Gandalf_The_Grey · Jun 2, 2023

In search of the Triangulation: triangle_check utility

In our initial blogpost about “Operation Triangulation”, we published a comprehensive guide on how to manually check iOS device backups for possible indicators of compromise using MVT. This process takes time and requires manual search for several types of indicators. To automate this process, we developed a dedicated utility to scan the backups and run all the checks. For Windows and Linux, this tool can be downloaded as a binary build, and for MacOS it can be simply installed as a Python package.

Tool to find the Operation Triangulation traces

We developed a dedicated utility to scan the iOS backups and run all the checks for Operation Triangulation indicators

securelist.com

SeriousHoax · Jun 2, 2023

Search

Security News Kaspersky's Employees Trojanized in Targeted Attack via iPhones

plat

Level 29

plat

Level 29

R3j3ct

Level 1

Russia says US hacked thousands of iPhones in iOS zero-click attacks

BryanB

Level 26

Apple Denies Surveillance Claims Made By Russia's FSB - Slashdot

MuzzMelbourne

Level 15

MuzzMelbourne

Level 15

“Clickless” iOS exploits infect Kaspersky iPhones with never-before-seen malware

Russian government accuses Apple of colluding with NSA in iPhone spy operation

Zero Knowledge

Level 20

MuzzMelbourne

Level 15

Trident

Level 26

Zero Knowledge

Level 20

Brahman

Level 16

MuzzMelbourne

Level 15

upnorth

Moderator

Operation Triangulation: iOS devices targeted with previously unknown malware

Gandalf_The_Grey

Level 73

Tool to find the Operation Triangulation traces

SeriousHoax

Level 46

Similar threads