Operation Triangulation campaign’s covert measures detailed

Significant stealth capabilities have been exhibited by threat actors behind the Operation Triangulation campaign, which emerged in June and involved the exploitation of Apple iOS zero-day vulnerabilities to facilitate the deployment of the TriangleDB backdoor for data exfiltration, has been discovered to exhibit significant stealth capabilities, The Hacker News reports. After securing root privileges on targeted iOS devices, attackers have been deploying the JavaScript Validator and Binary Validator payloads to identify the association of targeted devices with a research environment before leveraging the kernel flaw, tracked as CVE-2023-32434, to launch the TriangleDB backdoor, according to a Kaspersky report. Further analysis showed that Binary Validator enabled the removal of crash logs to conceal evidence of attacks and the erasure of malicious iMessage attachments used in the operation's phishing emails, as well as the gathering of certain device information and activation of personalized ad tracking. "The adversary behind Triangulation took great care to avoid detection. The attackers also showed a great understanding of iOS internals, as they used private undocumented APIs in the course of the attack," said researchers.