Connecting the Dots: Kaspersky Reveals In-Depth Insights into Operation Triangulation

(source: Kaspersky)

Kaspersky’s Global Research and Analysis Team (GReAT) revealed their investigation process into Operation Triangulation at the Security Analyst Summit.

Earlier this summer, cybersecurity firm Kaspersky discovered an Advanced Persistent Threat (APT) campaign called “Operation Triangulation” that targeted iOS devices. The campaign was found to utilize a highly sophisticated method of distributing zero-click exploits via iMessage, which ultimately allowed the attackers to gain complete control over the device and the user’s data. 

Kaspersky’s GReAT assessed that the primary goal of this campaign was to conduct covert user surveillance, and even Kaspersky’s own staff were potentially affected by the attack. Due to the attack’s complexity and the iOS ecosystem’s closed nature, a cross-team task force dedicated a significant amount of time and resources to conduct a thorough technical analysis.

The company’s experts identified an initial entry point through a font processing library vulnerability. The second vulnerability, a compelling and trivially exploitable flaw in the memory mapping code, allowed access to the device’s physical memory.

Attackers have recently exploited two additional vulnerabilities to bypass the latest Apple processor’s hardware security features. Researchers have also found that, apart from the ability to remotely infect Apple devices through iMessage without user interaction, the attackers also had a platform for conducting attacks via the Safari web browser. This led to the discovery and resolution of a fifth vulnerability.

In response, Apple released security updates to address four zero-day vulnerabilities discovered by Kaspersky researchers, which were assigned the CVE numbers CVE-2023-32434, CVE-2023-32435, CVE-2023-38606, and CVE-2023-41990. These vulnerabilities affected many Apple products, including iPhones, iPods, iPads, macOS devices, Apple TV, and Apple Watch.

“Operation Triangulation serves as a reminder to exercise caution when handling iMessage attachments from unfamiliar sources. Drawing insights from the strategies employed in Operation Triangulation can offer valuable guidance. Additionally, finding a balance between system closedness and accessibility may contribute to an enhanced security posture,” shared Boris Larin, Principal Security Researcher at Kaspersky’s GReAT.

To learn more about Operation Triangulation, visit Securelist.com. On their website, Kaspersky will provide more technical details in the future, including a comprehensive analysis.

To avoid falling victim to a targeted attack by a known or unknown threat actor, Kaspersky researchers recommend implementing the following measures: 

  • Regularly update your operating system, applications, and antivirus software to patch known vulnerabilities. 
  • Be cautious of emails, messages, or calls asking for sensitive information. Verify the sender’s identity before sharing any personal details or clicking on suspicious links. 
  • Provide your SOC team access to the latest threat intelligence (TI). The Kaspersky Threat Intelligence Portal is a single point of access for the company’s TI, providing cyberattack data and insights gathered by Kaspersky, spanning over 20 years. 
  • Upskill your cybersecurity team to tackle the latest targeted threats with Kaspersky online training developed by GReAT experts.
  • For endpoint-level detection, investigation, and timely remediation of incidents, implement EDR solutions such as Kaspersky Endpoint Detection and Response.

Written by
Tech Beat Philippines

Tech Beat Philippines is the social media news platform for all things technology. It is also a part of the GEARS section on Daddy's Day Out.
