Hacker Attack on iPhones: Unknown Government Uses Malware to Compromise Devices

Brian Adam

Mobile devices are increasingly vulnerable to cyberattacks, and hackers continue to look for new ways to compromise user security. Recently, the Russian cybersecurity company Kaspersky revealed a disturbing incident in which a group of hackers, allegedly linked to a government, attacked the iPhones of several employees with unknown malware.

Operation Triangulation: A high-level attack

Kaspersky, renowned for its expertise in computer security, announced the cyberattack and published a technical report analyzing the details of the incident. Although the investigation is still ongoing, the company revealed that the hackers managed to deliver the malware using a technique known as a “zero-click exploit” via an iMessage attachment. Most alarmingly, the entire process occurred within one to three minutes, demonstrating the sophistication and speed of the operation.


A persistent and stealthy threat

Kaspersky’s research team discovered the attack while monitoring its own corporate Wi-Fi network and detected suspicious activity coming from several iOS phones. While the company did not disclose the exact date of the discovery, they noted that it was earlier this year. In addition, they revealed that they found indications of compromise dating back as far as 2019, suggesting that the attack has been ongoing for a long time.

How was the infection identified?

To determine if an iPhone had been compromised, Kaspersky researchers made offline backups of the affected devices and analyzed them using a tool developed by Amnesty International called the Mobile Verification Toolkit (MVT). During the analysis, “traces of compromise” were discovered on the devices, although the company did not provide specific details about the findings.

Indicators of compromise and consequences

According to researchers, one of the most reliable signs of a hacked iPhone is the presence of data usage lines that mention the process called “BackupAgent.” Another indicator is the inability to install iOS updates, resulting in an error message stating “Failed to download iOS”. These details offer important clues to identify whether a device has been compromised.
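The check described above, as an added example (not code from Kaspersky or the MVT project): it scans a timeline export for data usage rows that name the process "BackupAgent", matching the whole name so the similarly named "BackupAgent2" binary, which the Securelist report says is not an indicator, is not flagged. The four-column CSV layout and every sample row are assumptions constructed for illustration.

```python
import csv
import io
import re

# Constructed sample rows, assuming a four-column timeline layout
# (timestamp, plugin, event, description); not real device data.
SAMPLE_TIMELINE = """\
UTC Timestamp,Plugin,Event,Description
2023-01-10 08:01:12.000000,Datausage,first_usage,"IMTransferAgent/com.apple.datausage.messages WIFI IN: 0.0, WWAN IN: 1024.0"
2023-01-10 08:02:40.000000,Datausage,first_usage,"BackupAgent (Bundle ID: , ID: 710) WIFI IN: 0.0, WWAN IN: 2048.0"
2023-01-11 09:15:00.000000,Datausage,first_usage,"BackupAgent2 (Bundle ID: , ID: 12) WIFI IN: 512.0, WWAN IN: 0.0"
2023-01-12 10:00:00.000000,Manifest,modified,"Library/Notes/BackupAgent.txt"
"""

# Match the process name as a whole token so "BackupAgent2" is not flagged.
PROCESS_RE = re.compile(r"(?<![A-Za-z0-9_])BackupAgent(?![A-Za-z0-9_])")


def find_backupagent_usage(timeline_text):
    """Return (timestamp, description) for data usage rows naming BackupAgent."""
    hits = []
    for row in csv.DictReader(io.StringIO(timeline_text)):
        plugin = (row.get("Plugin") or "").lower()
        description = row.get("Description") or ""
        if "datausage" not in plugin:
            continue  # only data usage records carry this indicator
        if PROCESS_RE.search(description):
            hits.append((row.get("UTC Timestamp"), description))
    return hits


if __name__ == "__main__":
    for ts, desc in find_backupagent_usage(SAMPLE_TIMELINE):
        print(f"{ts}  {desc}")
```

A hit is a lead for closer forensic review of the backup, not proof of infection on its own.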

Implications and possible actors behind the attack

So far, Kaspersky has not attributed the attack to any particular government or hacker group, as the company refrains from making any political attributions. However, Russia’s Federal Security Agency (FSB) has accused US intelligence, specifically mentioning the National Security Agency (NSA), of hacking “thousands” of Apple phones for the purpose of spying on Russian diplomats. The FSB also accused Apple of cooperating with US intelligence, though it did not present any evidence to support these claims.

This incident highlights the need for greater awareness of mobile device security and the importance of keeping mobile devices up to date with the latest patches and software updates. It also highlights the sophistication of modern cyberattacks, which can compromise devices in a matter of minutes.


It is critical that users stay alert to potential threats and follow good security practices, such as avoiding opening suspicious attachments and using trusted cybersecurity tools. Only through a combination of caution and proper protection measures can we protect our devices and personal data from hacker attacks.

Source: Securelist