Comments on: Operation Triangulation: iOS devices targeted with previously unknown malware
https://securelist.com/operation-triangulation/109842/
Tue, 20 Jun 2023 09:09:51 +0000

By: Tibor Forrai
https://securelist.com/operation-triangulation/109842/#comment-3542371
Tue, 20 Jun 2023 09:09:51 +0000

Hello, how come there is no further information after almost 3 weeks?

By: Securelist
https://securelist.com/operation-triangulation/109842/#comment-3539946
Tue, 13 Jun 2023 11:13:49 +0000
In reply to JW.

The malicious message is malformed and does not trigger any alerts or notifications for the user.

By: JW
https://securelist.com/operation-triangulation/109842/#comment-3539313
Sun, 11 Jun 2023 03:31:24 +0000

Doesn’t the malicious message with an attachment trigger an alert if you have them enabled? I am wondering how this is 0-click without user interaction, if the device shows an alert and/or vibrates when a message comes in.

By: Mohamed Arafa
https://securelist.com/operation-triangulation/109842/#comment-3538693
Wed, 07 Jun 2023 00:15:01 +0000

First, thank you, Kasper team, for this great summary. It actually includes everything that happened in an easy way, which really simplifies my problem, which I had not understood from 4 months ago until the last few hours, despite contacting the Apple team many times.

Unfortunately, the problems are still there on iOS 16, for sure, as you advised, due to a wrong backup or recovery, as we never guessed that the Apple ID might be hacked.

We kindly ask you to advise us whether there is a Kasper tool or support team that can explore who is hacking us. Or are there experts who can help us if we provide them the analytic data? Whatever it costs, we trust the Kasper team will support us as always.

By: Securelist
https://securelist.com/operation-triangulation/109842/#comment-3538622
Mon, 05 Jun 2023 17:10:39 +0000
In reply to Artur.

Most probably, Lockdown Mode can help protect against this attack.

By: Securelist
https://securelist.com/operation-triangulation/109842/#comment-3538617
Mon, 05 Jun 2023 15:18:56 +0000
In reply to Forrai Tibor.

Our investigation of this attack is ongoing. All the related information will be posted on the Operation Triangulation page soon: https://securelist.com/trng-2023/

By: Securelist
https://securelist.com/operation-triangulation/109842/#comment-3538615
Mon, 05 Jun 2023 14:58:32 +0000
In reply to Timothy Avele.

During the research we have not observed exploits for Android.

By: Securelist
https://securelist.com/operation-triangulation/109842/#comment-3538613
Mon, 05 Jun 2023 14:43:53 +0000
In reply to Artur.

Hi Artur!

Kaspersky cybersecurity experts identified that the latest version of iOS that was targeted by Triangulation is 15.7. However, given the sophistication of the cyberespionage campaign and the complexity of analysis of the iOS platform, further research may reveal more details on the matter. We will update the community about new findings once they emerge.

By: Securelist
https://securelist.com/operation-triangulation/109842/#comment-3538612
Mon, 05 Jun 2023 14:38:38 +0000
In reply to JJ.

Hi JJ

Yes. We have shared information with the Apple Security Research team.

As of the time of writing, we were able to identify one of many vulnerabilities that were exploited, which is most likely CVE-2022-46690. This vulnerability was fixed in iOS 16.2. However, given the sophistication of the cyberespionage campaign and the complexity of analysis of the iOS platform, further research will surely reveal more details on the matter. We will update the community about new findings once they emerge.

As to rebooting, Triangulation blocks the opportunity to update iOS, which means that even if the device is rebooted, it still has an opportunity to re-infect it. A factory reset combined with an immediate system update would solve the problem.

By: Forrai Tibor
https://securelist.com/operation-triangulation/109842/#comment-3538484
Sun, 04 Jun 2023 20:56:56 +0000

Dear KL analysts,
Could you share Triangulation malware file SHA-1 or SHA-256 checksums, besides the already published spear-phishing domain names?
Thanks in advance!
