posavg.blogg.se

Kaspersky mobile

Infected devices are also unable to update to the latest version of iOS. Malicious activity can be identified in network traffic including network interaction between iMessage and the domain ‘*.’, connections to a series of known C2 domains, or the download of an encrypted, 242 Kb iMessage attachment.

Another indicator of compromise for Operation Triangulation that has already been found is the appearance of a process titled ‘BackupAgent’ in a device’s data usage lines.
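The two device-side indicators above can be checked mechanically once a timeline has been exported from a device backup. The following is an added example, not code from the original article or from Kaspersky's tooling: the line layout, the field names (`size`, `encrypted`, `wifi_in`, `wifi_out`), the `Attachment` record type and the sample data are all assumptions made for illustration. It matches the process name exactly, because iOS also has a binary named `BackupAgent2` that is not an indicator.

```python
import re
from datetime import datetime

# Exact name only: "BackupAgent2" is a different binary and not an indicator.
IOC_PROCESS = "BackupAgent"
# "242 Kb" read as either decimal or binary kilobytes (assumption of this example).
ATTACH_MIN, ATTACH_MAX = 242_000, 243 * 1024

# Hypothetical layout: "<date> <time> <source> <name> key=value ..."
LINE_RE = re.compile(r"^(\S+ \S+) (\w+) (\S+)((?: \w+=\d+)*)$")

# Constructed sample data, not taken from a real device.
SAMPLE_TIMELINE = """\
2023-01-10 09:14:02 Attachment iMessage size=247808 encrypted=1
2023-01-10 09:14:31 Datausage BackupAgent wifi_in=0 wifi_out=73216
2023-01-10 09:20:00 Datausage BackupAgent2 wifi_in=512 wifi_out=2048
2023-01-11 08:00:00 Attachment iMessage size=98304 encrypted=1
2023-01-11 08:05:00 Datausage ExampleApp wifi_in=90112 wifi_out=4096
truncated line
"""

def parse(line):
    """Return (timestamp, source, name, fields) or None for a malformed line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
    except ValueError:
        return None
    fields = {k: int(v) for k, v in re.findall(r"(\w+)=(\d+)", m.group(4))}
    return ts, m.group(2), m.group(3), fields

def scan(timeline):
    """Return (timestamp, kind, detail) for every record matching an indicator."""
    findings = []
    for rec in filter(None, map(parse, timeline.splitlines())):
        ts, source, name, fields = rec
        if source == "Datausage" and name == IOC_PROCESS:
            findings.append((ts, "process", name))
        elif (source == "Attachment" and name == "iMessage"
              and fields.get("encrypted") == 1
              and ATTACH_MIN <= fields.get("size", 0) <= ATTACH_MAX):
            findings.append((ts, "attachment", str(fields["size"])))
    return findings

if __name__ == "__main__":
    for ts, kind, detail in scan(SAMPLE_TIMELINE):
        print(ts.isoformat(), kind, detail)
```
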

Kaspersky Lab discovered Operation Triangulation while conducting a scan of its Wi-Fi network traffic. “Our experts have discovered an extremely complex, professional targeted cyberattack that uses Apple’s mobile devices,” wrote Kaspersky Lab CEO Eugene Kaspersky. “The purpose of the attack is the inconspicuous placing of spyware into the iPhones of employees of at least our company – both middle and top management.”

Although the closed nature of iOS has impeded efforts to analyze the Triangulation payload, initial research showed that it exploits iOS flaws to perform privilege escalation. This allows it to run code with root privileges, with which the malware effectively gains total control over a system, including the power to amend or remove even core system files.

Once active, the package connects to the attackers’ command and control (C2) server to download a much larger payload. This exfiltrates personal data, microphone recordings, geolocation information, and photos sent on messaging apps.