
Russia accuses US Intelligence of orchestrating iOS Zero-Click Attacks

Russian cybersecurity firm Kaspersky has publicly disclosed that an advanced persistent threat (APT) actor has been launching zero-click iMessage exploits against iOS devices on its corporate network. The disclosure came on the same day that Russia's Federal Security Service (FSB) blamed US intelligence agencies for an ongoing spy campaign targeting thousands of iOS devices belonging to domestic subscribers and foreign diplomatic missions. iPhones belonging to diplomats from NATO countries, China, Israel and Syria were infected as part of what the FSB alleges was a reconnaissance operation by American intelligence services.

Kaspersky has identified attacks going back as far as 2019 and has published details of its forensic investigation methodology, along with device and network indicators of compromise (IoCs) and command and control (C&C) domains. It has so far determined that the attack involves a zero-click exploit: an attachment is delivered that triggers a remote code execution vulnerability automatically, without any user interaction, and then downloads other components from a C&C server. The final payload is a fully featured APT platform that runs with root privileges. The malicious toolset does not support persistence, but devices may be reinfected after rebooting.

Editorial: Cyber-Warfare Ramped Up

The latest accusations between Russia and the United States come as no surprise, nor does the fact that cyberattacks appear to be the latest weapon in this ongoing conflict. But while this is one of the more dramatic examples to date of the geopolitical escalation of cyberwarfare, it is not the first, and unfortunately it will not be the last. This specific incident began with iPhones belonging to diplomats, and it is unclear how broadly these attacks spread. What is very clear, however, is that the allegations and counter-allegations indicate that behind the scenes, nations are fully engaged in the use of cyberspace for the purposes of espionage, subterfuge, and sabotage. These attacks target not only critical infrastructure but also individuals of strategic relevance, such as diplomats and those in related fields. The consequences of a successful attack against an unexpectedly vulnerable system, network or individual can be devastating, particularly when linked to issues of international security. The aim remains to gain a tactical or strategic advantage, but the shift towards weaponisation of cyberspace entails ever-increasing risks to civilian populations, who may be either unintended targets or victims of collateral damage.
 

Internet Security

This article highlights the growing importance of internet security on a personal and national level. The sophistication of attacks means that individuals and organisations must exercise constant vigilance, keeping passwords secure, installing the latest software and patches, and regularly updating their security systems. Nation states may have more resources at their disposal, but the same principles apply, and both are targets for the increasing number of cybercriminals. With cyberwarfare increasingly being adopted as a tool of statecraft and intelligence gathering by nation states, the risks to the general public increase correspondingly. Therefore, individuals' awareness of cybersecurity and their ongoing digital well-being cannot be an afterthought but must be at the forefront of their minds.

Advice for organisations and individuals:

All individuals, organisations, and governments must practise good internet hygiene. This includes measures such as:

• Updating your software regularly and applying patches
• Using strong passwords for all online accounts
• Turning off Wi-Fi and Bluetooth connections on any portable device when not in use
• Installing robust antivirus and anti-malware software
• Restricting personal data online
• Using two-factor authentication wherever possible
• Employing strict security protocols for devices and networks
• Finally, if in doubt about any message, attachment or contact received online, do not open or act on it.



<< photo by Tima Miroshnichenko >>
