Operation Triangulation campaign’s covert measures detailed

Threat actors behind the Operation Triangulation campaign, which emerged in June and involved the exploitation of Apple iOS zero-day vulnerabilities to deploy the TriangleDB backdoor for data exfiltration, have been found to exhibit significant stealth capabilities, The Hacker News reports. After securing root privileges on targeted iOS devices, the attackers deployed the JavaScript Validator and Binary Validator payloads to determine whether a targeted device belongs to a research environment before leveraging the kernel flaw tracked as CVE-2023-32434 to launch the TriangleDB backdoor, according to a Kaspersky report. Further analysis showed that Binary Validator removed crash logs to conceal evidence of the attacks and erased the malicious iMessage attachments used in the operation's phishing emails; it also gathered certain device information and activated personalized ad tracking. "The adversary behind Triangulation took great care to avoid detection. The attackers also showed a great understanding of iOS internals, as they used private undocumented APIs in the course of the attack," said researchers.
