During a four-year period, cyber-attackers backdoored dozens of iPhones, many belonging to Moscow-based employees of cybersecurity firm Kaspersky, to gain an extraordinary level of access by manipulating a vulnerability in an undocumented hardware feature that few knew about. Kaspersky named this malware and campaign "Triangulation." According to Kaspersky researcher Boris Larin, "The exploit's sophistication and the feature's obscurity suggest the attackers had advanced technical capabilities. Attackers distributed infections via iMessage texts, and malware was installed via a complex exploit chain that resulted in the installation of spyware that can transmit audio recordings, photos, geolocation, and other sensitive information to attacker-controlled servers. Larin called this the "most sophisticated attack chain we've ever seen."

HackyClub Observation:

Targeting of mobile ecosystems remains an underreported but significant component of state-backed espionage programs and is likely to rise as smartphones and encrypted messaging applications become increasingly ubiquitous globally. Threat actors likely approach victims through random messaging such as SMS, Instant Message and Phishing email. As a cyber smart individual, it is always recommended to remain vigilant on possible social engineering attempts or other activity that may be indicative of fraudulent activity.

Reference:

https://arstechnica.com/security/2023/12/exploit-used-in-mass-iphone-infection-campaign-targeted-secret-hardware-feature/