Advanced Persistent Threat Actor Stealing Data from iOS Devices
In the past four years, an advanced persistent threat (APT) actor has been stealing information from iOS devices through a zero-click exploit delivered via iMessage. Russian officials claim that these attacks are the work of the US National Security Agency (NSA), but no evidence has been found to support these claims. A security company, Kaspersky, discovered malware after spotting suspicious activity originating from dozens of infected iOS phones on its own corporate Wi-Fi network. Kaspersky dubbed the campaign “Operation Triangulation” and noted that it is still active. The malware is transmitting various forms of private data to remote command-and-control servers. Kaspersky notes that it’s “quite confident” that the company was not the sole target of the attack.
Russia’s US Spying Allegations
The Federal Security Service of the Russian Federation (FSB) claims that several thousand Apple devices were infected, targeting diplomats from Israel, Syria, China, and NATO members, as well as domestic Russian subscribers. Russia’s foreign ministry said that the US intelligence services used software vulnerabilities in US-made mobile phones to carry out this operation and that the attacks amount to a plot between Apple and the NSA to build a powerful surveillance infrastructure to snoop on those with ties to Russia. Apple denied the existence of any cooperation with any government to insert a backdoor into any of its products. The NSA and Israeli officials declined to comment on the allegations, and Chinese, Syrian, and NATO representatives were not immediately able to comment.
Operation Triangulation
The malware is among a growing number to target iOS devices over the past year, with Apple's growing presence in enterprise environments and the use of the multiplatform Go language for malware development being some of the reasons for this trend. Analysts have noted that Kaspersky's technical analysis of the attack so far is based on offline backups of the infected iOS devices on its network, examined with the open source Mobile Verification Toolkit (MVT).
The Attacks on iOS Devices
Kaspersky used MVT on the offline backups to reconstruct the sequence of events from initial infection to full device compromise. The company found that the initial infection typically began with the target iOS device receiving an iMessage from a random source, with an attachment containing a zero-click exploit. Upon landing on the device, the iMessage automatically triggers an iOS vulnerability that results in remote code execution on the infected device without any user interaction. The malicious code then downloads several other malicious components from remote command-and-control servers, including one that allows for privilege escalation and complete device takeover. The researchers have yet to complete their full analysis of the final payload.
Difficulty of Attribution
As for Russia’s allegations of US involvement and secret cooperation, cybersecurity experts say that it is impractical to assign blame to a specific nation-state for such attacks. It is difficult to attribute such attacks to their originators, and any statements to the contrary should be met with skepticism.
Internet Security and Advice
To guard against similar threats, iOS device users should keep their devices up to date with the latest software releases, avoid downloading suspicious files, and limit online activity on unknown networks. Companies should also implement security protocols, such as device monitoring and regular backups, to detect and remediate any threats to their network.
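Because the exploit described above is zero-click, user caution on its own cannot stop it; what surfaced the campaign at Kaspersky was suspicious network activity from infected phones on the corporate Wi-Fi. The following is an added example, not code from the article or from Kaspersky, of the kind of device monitoring that detects that pattern: it reads constructed flow-log lines (timestamp, source IP, destination host, bytes out), flags source/destination pairs that talk at a nearly constant interval (beaconing), and then counts how many distinct devices beacon to the same host. All hostnames, addresses and log lines are constructed for the example; the `c2.placeholder.test` host is a placeholder, not an indicator from the campaign.

```python
"""Beaconing detection over constructed flow logs (added example, not from the article)."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log lines: "<ISO timestamp> <src_ip> <dst_host> <bytes_out>".
# Two devices (10.0.5.22, 10.0.5.23) contact the same placeholder host every 300 s;
# 10.0.5.21 shows ordinary, irregular traffic to benign-looking hosts.
SAMPLE_FLOWS = """\
2023-06-01T10:00:00 10.0.5.21 updates.example-cdn.test 1200
2023-06-01T10:00:05 10.0.5.21 mail.example.test 800
2023-06-01T10:03:12 10.0.5.21 mail.example.test 950
2023-06-01T10:41:07 10.0.5.21 updates.example-cdn.test 300
2023-06-01T10:00:00 10.0.5.22 c2.placeholder.test 4096
2023-06-01T10:05:00 10.0.5.22 c2.placeholder.test 4100
2023-06-01T10:10:00 10.0.5.22 c2.placeholder.test 4090
2023-06-01T10:15:00 10.0.5.22 c2.placeholder.test 4110
2023-06-01T10:20:00 10.0.5.22 c2.placeholder.test 4095
2023-06-01T10:02:00 10.0.5.23 c2.placeholder.test 4050
2023-06-01T10:07:00 10.0.5.23 c2.placeholder.test 4060
2023-06-01T10:12:00 10.0.5.23 c2.placeholder.test 4070
2023-06-01T10:17:00 10.0.5.23 c2.placeholder.test 4055
"""

# Hosts a defender has already vetted (e.g. the organisation's own update mirrors);
# periodic traffic to these is expected and is not reported. Constructed for the example.
DEFAULT_ALLOWLIST = {"updates.example-cdn.test"}


def parse_flows(text):
    """Parse flow-log lines into (timestamp, src_ip, dst_host, bytes_out) tuples."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, nbytes = line.split()
        flows.append((datetime.fromisoformat(ts), src, dst, int(nbytes)))
    return flows


def find_beacons(flows, min_events=4, max_jitter_cv=0.1, allowlist=DEFAULT_ALLOWLIST):
    """Flag (src, dst) pairs whose inter-arrival times are nearly constant.

    The coefficient of variation (std dev / mean) of the gaps between contacts is
    close to 0 for a timer-driven beacon and large for human-driven traffic.
    """
    groups = defaultdict(list)
    for ts, src, dst, nbytes in flows:
        if dst in allowlist:
            continue
        groups[(src, dst)].append((ts, nbytes))

    findings = []
    for (src, dst), events in groups.items():
        if len(events) < min_events:
            continue  # too few contacts to judge periodicity
        events.sort()
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(events, events[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue  # duplicate timestamps; nothing periodic to measure
        jitter_cv = pstdev(gaps) / avg
        if jitter_cv <= max_jitter_cv:
            findings.append({
                "src": src,
                "dst": dst,
                "count": len(events),
                "interval_s": avg,
                "jitter_cv": round(jitter_cv, 3),
                "bytes_out": sum(b for _, b in events),
            })
    return findings


def devices_per_destination(findings):
    """Count distinct beaconing devices per destination: many devices on one
    host is a stronger signal than one chatty device."""
    by_dst = defaultdict(set)
    for f in findings:
        by_dst[f["dst"]].add(f["src"])
    return {dst: len(srcs) for dst, srcs in by_dst.items()}


if __name__ == "__main__":
    found = find_beacons(parse_flows(SAMPLE_FLOWS))
    for f in found:
        print(f"{f['src']} -> {f['dst']}: {f['count']} contacts every "
              f"{f['interval_s']:.0f}s (jitter cv {f['jitter_cv']}), {f['bytes_out']} bytes out")
    print("beaconing devices per destination:", devices_per_destination(found))
```

The thresholds (`min_events`, `max_jitter_cv`) are starting points to tune against your own baseline; real implants often add jitter, so in practice the interval check is combined with destination reputation, volume of bytes out, and the number of devices involved, which is why the per-destination count is reported separately.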
A Philosophical Discussion on Privacy
In light of these cyber-espionage campaigns, privacy remains a critical concern. Privacy is a fundamental right that guarantees confidentiality of personal information, and the protection of privacy by companies and governments should not be taken lightly. The foundation of trust lies in the assurance that our data is safe and secure. It is therefore essential for governments to protect the privacy of their citizens, and companies to implement strict data protection regulations to ensure that privacy is protected at all times.
Editorial
The news of ongoing cyber-espionage campaigns should serve as a warning to nations and individuals who underestimate the dangers of online privacy breaches, and as a reminder to prioritise privacy and security at all levels of society. This development highlights once again the need for governments and international organisations to redouble their efforts to promote and enforce cybersecurity policies and regulations that protect the privacy of individuals and states, both domestically and internationally.