Apple Zero-Days, iMessage Used in 4-Year, Ongoing Spying Effort


For at least the past four years, an advanced persistent threat (APT) actor has been covertly stealing information from iOS devices belonging to an unknown number of victims, using a zero-click exploit delivered via iMessage. Russia’s top intelligence apparatus, the Federal Security Service of the Russian Federation (FSB), is alleging that the attacks are the work of the National Security Agency (NSA) in the United States, and that they have affected thousands of Russian diplomats and others. So far, there’s no evidence to support those claims.

What can be confirmed is that Kaspersky researchers discovered the malware after spotting suspicious activity originating from dozens of infected iOS phones on the company’s own corporate Wi-Fi network. The company’s ongoing investigation of the campaign, which researchers stressed is still active, showed the malware is quietly transmitting microphone recordings, photos from instant messages, the user’s geolocation and other private data about the owner to remote command-and-control (C2) servers.

Kaspersky said that it’s “quite confident” that the company was not the sole target of Operation Triangulation, as it has dubbed the campaign. The security vendor is currently working with other researchers and national computer emergency response teams to understand the full scope of the attack and notes that for now, attribution is difficult. 

“We’re awaiting further information from our colleagues from national CERTs and the cybersecurity community to understand the real exposure of this espionage campaign,” Igor Kuznetsov, head of the EEMEA unit at the Kaspersky Global Research and Analysis Team, tells Dark Reading. “Although not certain, we believe that the attack was not targeted specifically at Kaspersky; the company’s just first to discover it.”

He adds, “Judging by the cyberattack characteristics, we’re unable to link this cyberespionage campaign to any existing threat actor.”

Further, “It’s very hard to attribute anything to anyone,” Kuznetsov told Reuters in specific response to Russia’s US spying allegations.

Russia’s Claims of US Spy Plot

For its part, the FSB said in a media statement that the spyware…