Kaspersky Discovers Targeted iPhone Spyware Attack on Executives

Kaspersky Lab has identified a highly targeted cyberattack aimed at the iPhones of senior executives and mid-level leaders within the company. This information comes from Kaspersky Lab’s press service as shared with socialbites.ca.

The attackers attempted to insert the Triangulation spyware into Apple devices by exploiting a sequence of iOS vulnerabilities. The exploit allowed an invisible message in iMessage to carry a malicious attachment, effectively delivering spyware to the target devices without immediate user awareness.

Experts describe the spyware as operating with near-complete user invisibility. It can silently collect and transmit data to remote servers, including audio from the device’s microphone, images from instant messaging apps, location details, and a variety of other user activity signals from the compromised device.

The breach activity was detected by Kaspersky Lab’s KUMA network event monitoring and analysis system. The system flagged an anomaly in the network, and subsequent investigation revealed that dozens of iPhones had fallen prey to the infection.

Analysts note that a telltale indirect sign of Triangulation’s presence is a slowdown or obstruction in the ability to install iOS updates, suggesting the spyware may interfere with security patch processes on the device.

Former cyber expert Igor Bederov stated to Gazeta.ru that infections of this kind on iPhones during targeted campaigns are typically identified through thorough analysis of network traffic and data flows, rather than through traditional endpoint monitoring alone.

Industry observers emphasize the need for rigorous vigilance around messaging platforms and the importance of applying timely updates, strong device controls, and robust network monitoring to mitigate such bespoke threats. The incident underscores how even widely trusted mobile ecosystems can become vectors for sophisticated intrusions when vulnerabilities are exploited and hidden payloads are deployed via seemingly harmless communications.

Organizations are advised to review their incident response playbooks, implement enhanced detection of anomalous inbound messages, and ensure that devices used by high-risk personnel receive prioritized security hardening. Security teams should also consider deploying behavior-based detection to identify unauthorized data exfiltration patterns and to monitor for unusual microphone, camera, or geolocation activity that may indicate covert spyware operation.
