Specialized for Apple’s Mobile Devices
Security experts have uncovered an advanced, targeted cyberattack against Apple’s mobile devices. The attack, named “Triangulation,” aims to plant covert spyware on the iPhones of employees of certain companies, including middle and top management personnel.
The cyberattack employs an invisible iMessage carrying a malicious attachment. Using multiple vulnerabilities in the iOS operating system, the attachment executes on the device and stealthily installs the spyware, with no user action required. Once in place, the spyware discreetly relays sensitive data to remote servers, including microphone recordings, instant messenger photos, geolocation, and other user activity data.
The proprietary nature of iOS makes detecting and removing this spyware particularly challenging and requires external tools. A key sign of Triangulation’s presence is that iOS updates are disabled on the infected device. For a more definitive confirmation of infection, a device backup should be made and checked with a dedicated utility. Kaspersky is also developing a free detection tool.
Unfortunately, because of the specific way the spyware blocks iOS updates, there is currently no effective method to remove Triangulation without losing user data. The only recourse is to reset the infected iPhones to factory settings, then install the latest version of the operating system and set up the entire user environment anew. This is crucial because the spyware can re-infect a device through vulnerabilities present in an outdated iOS version.
The attack is sophisticated enough that it remained largely undetected until Kaspersky’s Unified Monitoring and Analysis Platform (KUMA), a native Security Information and Event Management (SIEM) solution, picked up network anomalies originating from Apple devices. Subsequent investigations revealed that several dozen iPhones belonging to senior employees were infected with the spyware.
Kaspersky is still investigating this incident, with more information to be shared in a dedicated post on Securelist. They anticipate further details on the global proliferation of this spyware will emerge in the coming days. Despite being targeted in this attack, Kaspersky stresses they were not the primary objective and assures their business processes and user data remain unaffected.
C2 Domains For Triangulation Trojan Attack
The source is Securelist.
It Is Not the First Spyware for iMessage: Pegasus Spyware
Citizen Lab digital security researchers have detected a new zero-click iMessage vulnerability, which is used to install Pegasus spyware on the iPhone devices of Catalan politicians, journalists, and activists.
Pegasus is developed by the Israeli firm NSO and marketed to governments as licensed software for investigating terrorist activities. With Pegasus spyware, attacks were carried out on high-level authorities of many states such as the United Kingdom and Finland.
Between 2017 and 2020, it was observed that Pegasus targeted at least 65 people by exploiting the Kismet iMessage vulnerability and a vulnerability in WhatsApp. Many people are among the recently observed campaign targets, such as Catalan members of the European Parliament, heads of state, judges, lawyers, and journalists…
How Can Brandefense Help You?
Our innovative service offers a range of benefits that can help you stay ahead of cybercriminals and protect your brand reputation. With early detection of cyber threats, you’ll have more time to respond and prevent potential data breaches or other attacks. Our dark web monitoring can enhance your overall security posture and protect your sensitive data and assets.
Brandefense Dark Web Monitoring Solution
Early Detection of Cyber Threats: Dark web monitoring allows businesses to detect cyber threats early on, giving them more time to respond and prevent potential data breaches or other attacks.
Enhanced Security: By monitoring the dark web for potential threats, businesses can stay ahead of cybercriminals and protect their sensitive data and assets.
Brand Protection: Dark web monitoring can also help businesses protect their brand reputation by detecting any attempts to sell counterfeit products or impersonate their brand.
Cost-Effective: The cost of a data breach can be substantial in terms of financial losses and damage to brand reputation. Dark web monitoring is a cost-effective way to mitigate these risks and prevent costly cyber attacks.
Contact us today to learn more about how Brandefense’s dark web monitoring service can help you protect your business and achieve peace of mind.