Researchers at Kaspersky Lab have discovered an “extremely complex, professional targeted cyberattack” where an iMessage attachment is used to deliver a malicious payload. The attachment executes a code and installs spyware on targeted devices without user interaction.
In a report on June 1, Kaspersky researchers said they discovered the iOS hacking campaign — dubbed “Operation Triangulation” — while monitoring traffic from the company’s WiFi network. Kaspersky has confirmed that several of its senior employees were targeted.
“We’re confident that Kaspersky was not the main target of this cyberattack,” Eugene Kaspersky, CEO of Kaspersky, said in a blog post. The full scope of this attack remains unknown.
The Triangulation spyware operates automatically and silently, siphoning user data to remote servers. It also erases its tracks to avoid detection.
Kaspersky has assured its clients that its business processes and user data remain unaffected by the spyware incident and that the threat has been neutralized within its systems.
Stealth Spyware Steals Personal Data
According to Kaspersky’s report, the attack takes advantage of vulnerabilities in the iOS operating system to install the spyware and operate hidden in the background. It also disables iOS from receiving updates.
Once installed, this spyware steals private information such as audio recordings, location info, photos from messenger apps, and other data. This data is relayed to remote servers controlled by the hacker.
Kaspersky researchers said the spyware could remain on a device for years.
“This operating system is a “black box,” in which spyware like Triangulation can hide for years. Detecting and analyzing such threats is made all the more difficult by Apple’s monopoly of research tools — making it a perfect haven for spyware,” Kaspersky’s CEO wrote.
Deleting the spyware doesn’t eliminate it, as devices are reinfected after a reboot, the researchers explained. The only way to remove the spyware from an infected device is by doing a factory reset and installing the latest version of Apple’s iOS operating system.
“The oldest traces of infection that we discovered happened in 2019,” Kaspersky said in its report.
While the latest version of the iOS targeted by the spyware is iOS 15.7, Kaspersky researchers said they couldn’t rule out the possibility that newer versions of the operating systems, like iOS 16, are also susceptible to this attack.
Defending Against the Triangulation Spyware
Kaspersky has released instructions to guide tech-savvy users to check if their devices are affected.
- Back up your iPhone.
- Use Kaspersky’s backup scanner tool, which is available for macOS, Windows, and Linux devices.
- If there is an infection, reset to factory settings, install the latest iOS, and restore your data from a backup.
To learn more about spyware and how to protect yourself from this threat, we recommend reading our guide to protecting your devices from spyware.
Kaspersky’s research into the Triangulation spyware is still ongoing. The company said it would share more information on its website and at the upcoming Kaspersky Security Analyst Summit in October.
