Security researchers of Kaspersky, a cybersecurity solutions company, have detected a previously unknown malware that launched (advanced persistent threat) APT campaign targeting iOS devices.

According to Kaspersky, the “Operation Triangulation” campaign distributes zero-click exploits through iMessage, iPhone’s messaging feature, to run malware gaining complete control over the device and user data, with the final goal to spy on users.

Kaspersky researchers were able to identify the general infection sequence while the investigation of the attack technique is still ongoing. 

Kaspersky discovers GoldenJackal APT spies on gov’t organizations
AI in cybersecurity: Friend or foe?

The message contains the zero-click exploit as an attachment. Without any further interaction, the message triggered a vulnerability that led to code execution for privilege escalation and provided full control over the infected device. 

“Once the attacker successfully established its presence in the device, the message was automatically deleted,” Kaspersky explained in a media release.

Spyware transmission

The spyware quietly transmitted private information to remote servers including microphone recordings, photos from instant messengers, geolocation, and data about a number of other activities of the owner of the infected device.

“During the analysis, it was confirmed that there was no impact on the company’s products, technologies, and services, and no Kaspersky customer user data or critical company processes were affected,” the company said. 

The attackers could only access data stored on the infected devices. Although not certain, it is believed that the attack was not targeted specifically at Kaspersky, it just so happened that it was the first to discover the exploit. 

To avoid falling victim to a targeted attack by a known or unknown threat actor, Kaspersky researchers recommend implementing the following measures:

• For endpoint-level detection, investigation, and timely remediation of incidents, use a reliable security solution for businesses, like Kaspersky Unified Monitoring and Analysis Platform (KUMA)
• Update Microsoft Windows OS and other third-party software as soon as possible and do so regularly
• Provide your SOC team with access to the latest threat intelligence (TI). Kaspersky Threat Intelligence is a single point of access for the company’s TI, providing it with cyberattack data and insights gathered by Kaspersky spanning over 20 years.
• Upskill your cybersecurity team to tackle the latest targeted threats with Kaspersky online training developed by GReAT experts
• As many targeted attacks start with phishing or other social engineering techniques, introduce security awareness training and teach practical skills to your team – for example, through the Kaspersky Automated Security Awareness Platform