At a glance.
- Zero-click exploit affects iPhones belonging to Kaspersky employees.
- BlackBasta decryptor.
- Chinese spy balloon communicated via a US ISP.
- Amnesty International reports Pegasus use in India.
- Cyber Toufan claims attacks against Israeli targets.
- An assessment of Iranian cyberattacks against control systems.
- GRU cyber campaign incorporates novel malware.
- NoName057(16) claims New Year's Day attacks against Finnish targets.
- Ukraine considers legislation to bring hacktivists into its reserve forces.
Zero-click exploit affects iPhones belonging to Kaspersky employees.
Ars Technica reports that iPhones belonging to Kaspersky employees were targeted by an advanced exploit over the course of four years. Ars Technica says “the unknown attackers were able to achieve an unprecedented level of access by exploiting a vulnerability in an undocumented hardware feature that few if anyone outside of Apple and chip suppliers such as ARM Holdings knew of.”
Kaspersky researcher Boris Larin told the publication, “The exploit's sophistication and the feature's obscurity suggest the attackers had advanced technical capabilities. Our analysis hasn't revealed how they became aware of this feature, but we're exploring all possibilities, including accidental disclosure in past firmware or source code releases. They may also have stumbled upon it through hardware reverse engineering.” “Triangulation,” as Kaspersky calls both the campaign and the malware it distributed, seems to have been active since 2019 at least.
Russia’s FSB has for some time accused Apple of colluding with the US NSA. In this case, however, Kaspersky explicitly declined to make any attribution, telling Ars Technica, “Currently, we cannot conclusively attribute this cyberattack to any known threat actor. The unique characteristics observed in Operation Triangulation don't align with patterns of known campaigns, making attribution challenging at this stage.”