Dubbed 'Operation Triangulation', the campaign spreads a zero-click exploit via iMessage to run malware that gains complete control over devices and user data, with the ultimate goal of secretly spying on users.
Kaspersky experts discovered this APT campaign while monitoring corporate Wi-Fi network traffic using the Kaspersky Unified Monitoring and Analysis Platform (KUMA). After further analysis, the researchers found that the threat actor had targeted the iOS devices of dozens of company employees.
The investigation into the attack technique is still ongoing, but Kaspersky researchers were able to determine the general infection sequence. Victims receive a message via iMessage with an attachment containing a zero-click exploit. Without any interaction from the victim, the message triggers a vulnerability that leads to code execution, which is used to escalate privileges and gain full control over the infected device. After the attacker successfully establishes a presence on the device, the message is automatically deleted.
Not stopping there, the spyware quietly transmits personal information to remote servers, including audio recordings, photos from instant messaging apps, geolocation, and data about several other activities of the infected device owner.
During the analysis, Kaspersky experts confirmed that there was no impact on the company's products, technologies and services, and no Kaspersky customer data or critical company processes were affected. Attackers can only access data stored on infected devices. Kaspersky was the first company to detect this attack, but it probably won't be the only target.
Igor Kuznetsov, Head of the EEMEA Unit at Kaspersky's Global Research and Analysis Team (GReAT), commented: “When it comes to cybersecurity, even the most secure operating systems can be compromised. As APT attackers are constantly evolving their tactics and looking for new weaknesses to exploit, businesses must prioritize the security of their systems. This involves prioritizing employee education and awareness, while providing them with threat intelligence and the latest tools to effectively identify and protect against potential threats.”