Operation Triangulation: What You Get When Attack iPhones of Researchers [video]
media.ccc.de
Thanks! Expanded list:
Kaspersky discloses iPhone hardware feature vital in Operation Triangulation - https://news.ycombinator.com/item?id=38801275 - Dec 2023 (52 comments)
4-year campaign backdoored iPhones using advanced exploit - https://news.ycombinator.com/item?id=38784073 - Dec 2023 (7 comments)
Operation Triangulation: What you get when attack iPhones of researchers - https://news.ycombinator.com/item?id=38783112 - Dec 2023 (371 comments)
How to catch a wild triangle - https://news.ycombinator.com/item?id=38034269 - Oct 2023 (43 comments)
Scan iPhone backups for traces of compromise by “Operation Triangulation” - https://news.ycombinator.com/item?id=36164340 - June 2023 (153 comments)
Targeted attack on our management with the Triangulation Trojan - https://news.ycombinator.com/item?id=36161392 - June 2023 (126 comments)
“Clickless” iOS exploits infect Kaspersky iPhones with never-before-seen malware - https://news.ycombinator.com/item?id=36154455 - June 2023 (41 comments)
Operation Triangulation: iOS devices targeted with previously unknown malware - https://news.ycombinator.com/item?id=36151220 - June 2023 (31 comments)
Others?
The lack of attribution on this organized and well-financed operation is the most concerning part of this attack, in my opinion. It seems unlikely that any APT would burn ALL of its 0-days for the iOS platform in one campaign, so they likely have more which they can pivot to. Of course there are 3 nation-states who are most likely to be behind this operation, but which one was it? If possible, we should be looking for other victims of this attack using the IOCs discovered at Kaspersky. If we find other instances of this attack on Taiwanese government officials or members of the Uighur population, for instance, that would be a smoking gun for attributing it to one particular nation. Finding traces of this attack on the devices of Ukrainian government officials would point in a different direction. Either way, we need to be able to attribute this attack, and the other victims of this APT might not know to check themselves for indicators. Does anyone here know if there are efforts by cybersecurity researchers to uncover other victims of this attack in vulnerable or potentially targeted communities?
Is there an "everyone knows but nobody says" dynamic here, like if the tea comes from Mandiant/CrowdStrike it's about Russia, if it comes from Kaspersky it's about NSA, etc?
You can bet that if Kaspersky dares to uncover this in that much detail and with so much publicity, then revealing those details doesn’t go against the interests of the Russian state. (Which, to be very clear, is not the same thing as suggesting Kaspersky is an actor of the state. Just that they would wisely think twice about revealing attacks from a certain direction.)
There are generally 4 major cyber powers that I consider when hearing about new advanced techniques / applications / threats: USA, Russia, Israel, China (in roughly that order). Israel is obviously complicated because historically a lot of their work has been in partnership with the USA, but that seems to be mildly less the case these days.
> Israel is obviously complicated
They also have a large and profitable industry selling state of the art tools to authoritarian regimes/dictators to target democracy activists and journalists.
But would they sell to Russia/China which is in opposition to their biggest sponsor - the USA? The answer is obviously: if they can get away with it. Personally it seems more likely to be US but that's just a gut feeling.
So does every other industrialized country.
Source? I've not heard of an NSO Group equivalent in any other country.
How much attention do you pay to the space? (I'm asking sincerely.)
Perhaps not enough. I've certainly heard of shady companies, but I simply am not aware of a direct analogue to NSO Group. I am curious if you know of one!
I could be very wrong, but I feel Israel’s cybersecurity tech is more advanced than Russia (could be my western programming lol)
When you look at home media, every major development has been Russian.
Software for cracking Blu-rays? Russia was first.
Software for cracking 4K UHD Blu-rays? Russia was first.
Software for cracking Nintendo Switch games (DBI)? Russia was first.
The new flash-cart for the Switch, assuming it's legit? Russia.
The only hacker left who can crack Denuvo video games? Russian.
Necessity is the mother of all invention. This could just be related to socioeconomic factors.
A dysfunctional criminal justice system probably doesn't hurt either.
> A dysfunctional criminal justice system probably doesn't hurt either.
Actually, I would argue that a system that allows DRM cracking is far more functional than the one we have in the west.
Your comment history doesn't suggest that you're a Russian troll, so my interpretation is that you're making a pointed remark that you either don't really mean or perhaps haven't fully thought through. So without meaning any offense, let's pick this apart.
To be fair, I disagree with my country's cracking laws as well. We should do better here, the right to one's data is an important freedom. I support the fight for saner copyright laws.
But let's also be real: There's no universe where that injustice somehow outweighs the entirety of human rights violations that go on inside Russia. Persecution of minorities, decriminalization of domestic violence, torture in prisons. Just to name a few.
Western copyright laws aren't good. But there are worse fates in life than not being able to watch old blu-rays.
I was intentionally ignoring any other aspect of their criminal justice system in writing that comment. I absolutely condemn Russia for many reasons, including their human rights violations.
France and the UK are also world class. Anyone else?
Imo the siloing / rehacking smacks of multiple contractors being coordinated by a government agency.
The contractors don't want to share 0days, so the hack boundary handoffs between contractors seems apparent to me.
That would suggest US or Israeli sourcing, or maybe Saudis who are eager buyers of Israeli hacking products
The Dutch have a few high profile hacks I’ve read about. Including literally watching the Russians hack the DNC.[1]
[1] https://www.washingtonpost.com/news/worldviews/wp/2018/01/26...
Agree that it's concerning regarding the lack of attribution, especially given the complexity.
If I had to guess...and this is a wild guess and in no way based on hard evidence....but I think the true value would be using this as a vector to bypass 2FA or MFA for attacks on a supply chain. Chaining exploits isn't a new concept...hell, I had a similar idea years ago regarding chaining CVEs to create a better, more fluid escalation of privileges. The concerning thing is these were 0-days from the brief reading I did, and exploited hardware vulnerabilities.
IMO hardware is the best target because few people are going to rip apart the device to look at chips...and even if they did they would need a metrology or lithography lab to find a backdoor in a part of a CPU or other component. Just because the part was shipped from the factory and the factory made it correctly, if someone could compromise a basic part of the chip then it's all over and you really have to spend your time looking for these things. An example would be the BMC on your Dell server getting backdoored, or editing a snippet of microcode that these chip makers do not publicly document.
Seems unlikely that they would blow so many 0days so recklessly just to infect the iPhone to get data....when it could be used for so much more.
If this is a nation state actor....chances are they can just buy the data via a third party, or could have forced Apple to turn over the iCloud data, or just caught it via intercepting the undersea cables and their ISPs.
Unless I'm missing something.....and this was used to go after a really critical target that was hard to compromise and, as a result, once they got the intel they wanted they might have just used it willy-nilly, or have considered the 0-days as lost if they had compromised a foreign nation state or person of interest and figured that since they used the exploit....their adversary will discover it sooner or later.
If I were in charge, I would attack 90% Taiwanese and 10% of my real target. And I would leave Chinese comments everywhere. So I doubt you can point fingers so easily. These are some smart people.
CIA already had that, it's called Marble Framework, it's used to attribute their malware to other nations.
https://freedomhacker.net/vault-7-marble-framework-cia-evade...