“Triangulation” in trigonometry and geometry is the process of determining the location of a point by forming triangles to the point from known points. It also refers to the use of multiple methods or data sources in qualitative research, aiming to develop a comprehensive understanding of phenomena. Another interesting phenomenon we are living through is the use of zero-click and zero-day vulnerabilities to infect and spy on smartphones, the ubiquitous devices found in our pockets, on our tables, and in our homes and offices. No Android device or iPhone is free from spying – there is a giant market reselling these vulnerabilities, (ab)used by governments and intelligence agencies to spy on their citizens, opponents and the private sector.
This is the perfect description of “Operation Triangulation”, a cyberespionage campaign targeting entities worldwide, including security researchers responsible for the exposure of these spying campaigns. It tells the story of how we found 3 zero-day and zero-click vulnerabilities in our own yard, affecting all of Apple’s modern operating systems: iOS, iPadOS, tvOS, macOS and watchOS. Everything started with an innocent (i)message.
In this talk, we’ll detail how we found these vulnerabilities, how we tracked them and, once again, analyzed the in-memory implant, exposing the new espionage campaign that targeted many entities worldwide, including ourselves and also an important government in Latin America.
Fabio Assolini joined Kaspersky Lab’s Global Research and Analysis Team (GReAT), which boasts the industry’s top analysts, in July 2009 to primarily focus on one of the most dynamic countries in Latin America: Brazil. Fabio’s responsibilities include the analysis of viruses, cyberattacks, banking trojans and other types of malware that originate from Brazil and the rest of the region. He particularly focuses on the research and detection of banking trojans. In July 2022, he was promoted to Head of the Research Team in Latin America.