Russia accuses the U.S. of mass spying
Operation Triangulation boasts of a fully-featured APT platform
Russia’s Federal Security Service (FSB) has accused American intelligence agencies and Apple of colluding to backdoor iPhones and spy on “thousands” of devices. The alert coincided with a report from Kaspersky, which detailed sophisticated spyware that, once planted on a phone, is capable of harvesting all user data.
The Russian antivirus vendor said it discovered the spyware after spotting suspicious activity originating from dozens of infected iOS phones on its own corporate Wi-Fi network. The company’s investigation into the malicious activity, which has been codenamed Operation Triangulation, is ongoing.
Apple denied the allegations, stating that it has “never worked with any government to insert a backdoor into any Apple product and never will.”
While this isn’t the first time the U.S. government has been accused of exploiting security flaws for espionage purposes, the Kremlin has yet to offer concrete proof of its claims. That said, there’s good reason to suspect state-sponsored involvement given the complexity of the campaign, which has been ongoing since November 2019.
The attack chain detailed so far is based on offline backups taken from the infected iOS devices, enabling Kaspersky to reconstruct the sequence of events that detonates the advanced spyware for extracting sensitive information.
It all begins with the target iOS device receiving an iMessage from an unknown source, with an attachment containing a zero-click exploit that gets automatically triggered without any user interaction.
This leads to a total compromise of the phone via malicious components downloaded from a remote server. Once the malware takes complete control of the device, the iMessage and the attachment that enabled its presence on the device are deleted. Kaspersky has made available a tool to check for indicators of compromise (IoCs).
The development signals not only the growing spyware threat, but also the increasing number of malicious tools that are designed to target iOS and macOS devices in recent years, in part bolstered by the adoption of cross-platform languages like Golang and Rust for malware development.