Kaspersky Reports Latest Selular APT Targeting IOS

APT campaign illustration in iOS (photo: Kaspersky)

JAKARTA - Early June, Kaspersky reported on a new mobile APT targeting iOS devices. Where the campaign uses clickless exploits sent via iMessage to install malware and gain full control over users' devices and data, with the ultimate goal of spying on users in a hidden way.

Apart from Kaspersky employees themselves, company researchers believe that the scope of the attack has not only targeted organizations but has exceeded that. Sure enough, after further analysis, researchers found that threat actors had targeted iOS devices from dozens of company employees.

Investigations of attack techniques are still ongoing, but so far Kaspersky researchers have been able to identify a sequence of infections in general. Starting from victims receiving messages via iMessage with attachments containing clickless exploits.

The message then triggered a vulnerability that led to the execution of the code for increased privileges and gave full control over the infected device. After the attacker managed to confirm its presence on the device, the message was automatically deleted.

Furthermore, spyware secretly sends personal information to remote servers: including microphone recordings, photos from instant messages, geolocations, and data about a number of other activities from infected device owners.

During the analysis, Kaspersky ensured that there was no impact on the company's products, technology, and services, and no user data or important processes of the company were affected. Strikers can only access data stored on infected devices.

While uncertain, it is believed that the attack was not specifically targeted at Kaspersky, the company found it for the first time. Most likely at a time, this cyber threat will show its global existence.

In terms of cybersecurity, even the safest operating system can be compromised. As APT players continue to develop their tactics and look for new weaknesses to exploit, businesses must prioritize the safety of their systems. This involves prioritizing employee education and awareness, as well as arming them with the latest intelligence and threat tools to effectively recognize and survive potential threats," said Igor Kuznetsov, head of EEMEA unit at Kaspersky Global Research and Analysis Team (GREAT).

"Our investigation into Triangulation operations continues. We hope more details on it will be shared soon, as there may be targets of this spy operation beyond Kaspersky." he added.