Hackers discovered attacking iOS device users

Dubbed 'Operation Triangulation', the campaign spreads a zero-click exploit via iMessage to run malware that gains complete control over the user's device and data, with the ultimate goal of secretly spying on the user.

Kaspersky experts discovered this APT campaign while monitoring the network traffic of the company's Wi-Fi using Kaspersky Unified Monitoring and Analysis Platform (KUMA). After further analysis, researchers discovered that the threat actor had targeted the iOS devices of dozens of company employees.

The investigation into the attack technique is still ongoing, but Kaspersky researchers were able to identify the general infection sequence. The victim receives an iMessage message with an attachment containing a zero-click exploit. Without any interaction from the victim, the message triggers a vulnerability that leads to code execution, escalating privileges and giving full control of the infected device. Once the attacker has successfully established their presence on the device, the message is automatically deleted.

Not stopping there, the spyware quietly transmits personal information to remote servers, including audio recordings, photos from instant messaging apps, geolocation, and data about several other activities of the infected device owner.

During the analysis, Kaspersky experts confirmed that there was no impact on the company's products, technologies, and services, nor did any Kaspersky customer data or critical company processes. The attackers were only able to access data stored on infected devices. Kaspersky was the first company to detect this attack, but it is unlikely to be the only target.

“When it comes to cybersecurity, even the most secure operating systems can be compromised. As APT attackers are constantly evolving their tactics and looking for new weaknesses to exploit, businesses must prioritize the security of their systems. This involves prioritizing employee education and awareness , while providing them with the latest threat intelligence and tools to effectively recognize and protect against potential threats,” commented Igor Kuznetsov, Head of EEMEA at Kaspersky’s Global Research and Analysis Team (GReAT).