TriangleDB

Malware updated 6 months ago (2024-11-29T14:07:40.552Z)
TriangleDB is a sophisticated malware implant targeting iOS devices, discovered as part of a likely state-sponsored cyber-espionage campaign named Operation Triangulation. The malware was first disclosed by Kaspersky researchers in June, who revealed that it was deployed through a new zero-click iOS attack. TriangleDB's infection chain contains two unique stages, known as the "JavaScript Validator" and the "Binary Validator," which run before the implant itself is deployed. The implant is associated with a series of Apple zero-day flaws (CVE-2023-46690, CVE-2023-32434, CVE-2023-32439) affecting both iPhones and iPads, with government and corporate targets.

During their investigation, Kaspersky researchers uncovered numerous curious details about TriangleDB. Beyond the oddities already present in the implant, it also contains disabled features that could potentially be enabled in the future. These findings came from a six-month investigation in which Kaspersky collected every component of the attack chain and completed an extensive analysis of the spyware implant.

In response to the discovery and disclosure of TriangleDB, Apple patched the kernel bug exploited by the malware in June. This effectively neutralized the threat posed by TriangleDB, protecting iOS users from exploitation and data theft. Even so, the existence and sophistication of TriangleDB underscore the ongoing threats faced by mobile devices and the importance of robust security measures.
Description last updated: 2024-03-19T15:15:48.318Z
Aliases: We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Apple
Malware
Zero Day
Operation Tr...
Ios
Implant
Payload
Exploits
State Sponso...
Spyware
Exploit
Kaspersky
Imessage
Analyst Notes & Discussion
Associated Vulnerabilities
Alias description | Association type | Votes
The CVE-2023-32434 Vulnerability is associated with TriangleDB. CVE-2023-32434 is a high severity software vulnerability that allows for arbitrary code execution with kernel privileges. This flaw, along with two others (CVE-2023-32435 and CVE-2023-32439), was identified as a zero-day in June 2023, exploited to deploy the Triangulation spyware via iMessage. The s | Unspecified | 2
The CVE-2023-32439 Vulnerability is associated with TriangleDB. CVE-2023-32439 is a significant vulnerability discovered in Apple's WebKit browser engine. This flaw stems from a type confusion issue that could lead to arbitrary code execution if an affected device processes maliciously crafted web content. The vulnerability was reported by an anonymous source an | Unspecified | 2
The vulnerability CVE-2023-46690 is associated with TriangleDB. | Unspecified | 2
Source Document References
Information about the TriangleDB Malware was read from the documents corpus below. This display is limited to 20 results.
Source | Created at
DARKReading | a year ago
Securelist | a year ago
CERT-EU | a year ago
Securelist | a year ago
Securelist | a year ago
CERT-EU | a year ago
DARKReading | a year ago
Securityaffairs | a year ago
CERT-EU | a year ago
Securelist | a year ago
CERT-EU | 2 years ago
Securelist | 2 years ago
CERT-EU | 2 years ago
Securelist | 2 years ago
CERT-EU | 2 years ago
CERT-EU | 2 years ago
CERT-EU | 2 years ago
CERT-EU | 2 years ago
Securelist | 2 years ago
CERT-EU | 2 years ago