Operation Triangulation

Description

(Kaspersky) While monitoring the network traffic of our own corporate Wi-Fi network using the Kaspersky Unified Monitoring and Analysis Platform (KUMA), we discovered a previously unknown mobile APT campaign targeting iOS devices. The targets are infected using zero-click exploits via the iMessage platform, and the malware runs with root privileges, gaining complete control over the device and user data. We are calling this campaign “Operation Triangulation”.

This is an ongoing investigation, the amount of material we collected is substantial and will take time to analyze. Given the complexity of the attack, we are confident that we are not the only target, and invite everyone to join the research.

Names

Name	Name-Giver
Operation Triangulation	Kaspersky

Country

Unknown

Motivation

Information theft and espionage

First Seen

2023

Tools

TriangleDB

Information

https://securelist.com/trng-2023/
https://securelist.com/operation-triangulation/109842/
https://securelist.com/find-the-triangulation-utility/109867/
https://securelist.com/triangulation-validators-modules/110847/
https://securelist.com/operation-triangulation-catching-wild-triangle/110916/
https://securelist.com/operation-triangulation-the-last-hardware-mystery/111669/

Other Information

Uuid

015b1a7a-7af1-4d86-8ae2-5f5f5b4ef161

Last Card Change

2024-01-17

Threat Intelligence Garden

Explorer

Operation Triangulation

Operation Triangulation

Description

Names

Country

Motivation

First Seen

Tools

Information

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks