Researchers at the Russian cybersecurity giant Kaspersky have issued a warning concerning what they say is an ongoing attack campaign exploiting a zero-click, zero-day iMessage vulnerability. This previously unknown vulnerability enables code execution, including, the researchers say, “additional exploits for privilege escalation.” The malicious iMessage attachment uses “a number of vulnerabilities in the iOS operating system” and executes that attachment to install spyware, according to a posting on Eugene Kaspersky’s blog.
The Russian FSB security service says Russian citizens as well as diplomats have been affected by the vulnerability, and it has accused Apple and the U.S. National Security Agency (NSA) of being behind the attacks, something that Apple has denied.
Operation Triangulation Attacks Ongoing
The campaign, which Kaspersky has named Operation Triangulation, requires no user interaction. As such, this falls into the most critical of attack methodologies. Just the act of sending the malicious iMessage, which includes an attachment containing the exploit, triggers the vulnerability.
Rather disconcertingly, Kaspersky researchers say they have traced the earliest example of the attack back to 2019. As of yesterday, they also confirm that attacks are still ongoing.
Discovery Of The Zero-Click Attack
The security researchers became aware of the suspicious activity while monitoring devices, including a number of iPhones, using the Kaspersky Unified Monitoring and Analysis Platform (KUMA).
The traces of compromise were confirmed after researchers created offline backups of the iPhones in question and inspected them with a mobile verification toolkit. This found that the final payload was downloaded from a “fully-featured” advanced persistent threat (APT) platform. The precise nature of that payload, however, has yet to be confirmed.
We understand that it runs using root privileges and drops a set of commands that can be used to collect both system and user information. Posting on Twitter, Kaspersky founder Eugene Kaspersky said that the attack “transmits private information to remote servers: microphone recordings, photos from instant messengers, geolocation and data about a number of other activities.”
Russia Suggests Attacks Are Backdoor For NSA Spies
While there is no firm evidence currently as to who is the target of this campaign, the Russian FSB security service has already claimed that thousands of Russians, including both ordinary users and foreign diplomats based in Russia, have been compromised. While Kaspersky has made it clear that it cannot make any kind of attribution at this time, the FSB lays the blame firmly at the door of the NSA and Apple working in cahoots. Apple has made it equally clear that it has “never worked with any government to insert a back door into any Apple product.”
How To Mitigate An Attack
Luckily, it seems like a fairly easy exploit to mitigate, as Kaspersky researchers have found no devices running iOS versions later than 15.7 that have been compromised. It is, therefore, quite possible that the vulnerability being exploited has been patched in later iOS versions.
My advice would be, therefore, the same as always when it comes to operating system platforms: update as soon as new versions are released. Currently, that would be iOS 16.5, and I would check to make sure your iPhone has, indeed, been updated. All of that said, it should also be pointed out that just because no compromised iPhones running iOS 16.5 have been discovered, that doesn’t mean it is 100% out of the question that they could have been or will be in the future.
Update: Kaspersky has now released a ‘Triangle Check’ tool that lets users look for evidence of compromise on their devices. “With cross-platform capabilities, the ‘triangle_check’ allows users to scan their devices automatically,” Igor Kuznetsov, head of the EEMEA unit at Kaspersky Global Research and Analysis Team (GReAT), said. “We urge the cybersecurity community to unite forces in the research of the new APT to build a safer digital world.”
Before using it, however, the user needs to make a backup of the device, and the tool then runs a scan of this backup. Triangle Check is available for Windows, macOS and Linux users.
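The backup-based triage described above (and the researchers' own approach of inspecting offline iPhone backups) can be illustrated with a small added example. This is not Kaspersky's triangle_check and not code from the article: it reads an iTunes-style backup folder's Info.plist to recover the iOS version, compares it against the 15.7 cut-off the researchers reported, and checks the backup's Manifest.db file index against a list of indicator paths. The Info.plist key name, the Manifest.db table layout and the indicator paths are assumptions; the indicator list is a constructed placeholder, not a real Operation Triangulation IoC, and the sample backup is built in a temporary directory so the script runs offline.

```python
"""Added example: minimal offline triage of an iPhone backup folder.

Not Kaspersky's triangle_check. Assumes the standard iTunes backup layout
(Info.plist with a "Product Version" key, Manifest.db with a Files table).
"""
import os
import plistlib
import sqlite3
import tempfile

# Last iOS version on which the article reports compromised devices were seen.
LAST_AFFECTED_VERSION = "15.7"

# PLACEHOLDER indicator paths (constructed for the demo, not real IoCs).
# In practice these would come from a vetted, trusted indicator feed.
INDICATOR_PATHS = [
    "Library/SMS/Attachments/PLACEHOLDER-malicious-attachment.pdf",
]


def parse_version(version):
    """Turn '15.7.1' into (15, 7, 1) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in version.split("."))


def version_within_reported_range(ios_version):
    """True if the backup's iOS version is at or below the last version seen compromised."""
    return parse_version(ios_version) <= parse_version(LAST_AFFECTED_VERSION)


def read_ios_version(backup_dir):
    """Read the iOS version recorded in the backup's Info.plist (assumed key name)."""
    with open(os.path.join(backup_dir, "Info.plist"), "rb") as handle:
        info = plistlib.load(handle)
    return info["Product Version"]


def scan_manifest(backup_dir, indicators=INDICATOR_PATHS):
    """Return (domain, relativePath) rows from Manifest.db that match an indicator path."""
    conn = sqlite3.connect(os.path.join(backup_dir, "Manifest.db"))
    try:
        rows = conn.execute("SELECT domain, relativePath FROM Files").fetchall()
    finally:
        conn.close()
    hits = []
    for domain, rel_path in rows:
        if rel_path is None:
            continue
        if any(rel_path == ind or rel_path.endswith("/" + ind) for ind in indicators):
            hits.append((domain, rel_path))
    return hits


def triage_backup(backup_dir):
    """Combine the version check and the manifest scan into one result dict."""
    version = read_ios_version(backup_dir)
    return {
        "ios_version": version,
        "version_in_reported_range": version_within_reported_range(version),
        "indicator_hits": scan_manifest(backup_dir),
    }


def make_sample_backup(ios_version="15.6", include_indicator=True):
    """Build a tiny constructed backup directory so the example runs offline."""
    backup_dir = tempfile.mkdtemp(prefix="demo-backup-")
    with open(os.path.join(backup_dir, "Info.plist"), "wb") as handle:
        plistlib.dump({"Product Version": ios_version, "Device Name": "demo"}, handle)
    conn = sqlite3.connect(os.path.join(backup_dir, "Manifest.db"))
    conn.execute(
        "CREATE TABLE Files (fileID TEXT PRIMARY KEY, domain TEXT, "
        "relativePath TEXT, flags INTEGER, file BLOB)"
    )
    entries = [("a1", "HomeDomain", "Library/SMS/sms.db", 1)]
    if include_indicator:
        entries.append(("b2", "MediaDomain", INDICATOR_PATHS[0], 1))
    conn.executemany("INSERT INTO Files VALUES (?, ?, ?, ?, NULL)", entries)
    conn.commit()
    conn.close()
    return backup_dir


if __name__ == "__main__":
    # Constructed backup: an iOS 15.6 device with one placeholder indicator present.
    print(triage_backup(make_sample_backup()))
```

The version check only tells you whether a device falls inside the range the researchers reported, not whether it is clean; the manifest scan is only as good as the indicator list it is given, which is why the real tool, not a placeholder list, should be used on backups of devices you actually care about.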