The important Russian cybersecurity company, Kaspersky, has revealed that an unknown government-backed group has attacked the iPhones of several dozen employees with malware.
The attack was carried out through a “zero-click” exploitation via an iMessage attachment, exploiting vulnerabilities, including one that Apple had fixed in December 2022.
Kaspersky researchers discovered the attack earlier this year while monitoring their own Wi-Fi network, which they dubbed “Operation Triangulation.”
They found traces dating back to 2019, with the most recent targets being those using iOS 15.7.
Although the malware was designed to erase its tracks, the compromised devices can still be identified. Kaspersky shared their findings and analysis in a technical report but did not attribute the operation to any specific threat source.
The company communicated with Apple before publishing the report and stated that it was not the primary target of the cyberattack.
Kaspersky had previously been targeted by a state-backed hacker group in 2015, which used malware believed to have been developed by Israeli intelligence.
Apple has not provided additional statements regarding the attack. Eugene Kaspersky, the company’s founder, assured that more information will be provided in the coming days.
Source: Kaspersky
