Tuesday, May 26, 2020

Apple iOS Now Targeted In Massive Cyber Espionage Campaign

Must read

DNA and case preparation

What does the presence of an individual’s DNA on an item related to a crime actually mean in the context of the case circumstances? ...

Forensic Comparison Software Workflow Touch Screen

This video showcases the workflow from capture of the fingerprint at a crime scene, enhancement, matching on case AFIS , and finally...

The Bowraville Murders – Australia’s Unsolved Serial Killing

For the past three months, The Australian’s crime reporter Dan Box has been looking at an unsolved serial killing in Bowraville. Three children, all...

Who Should Have Access to DNA Evidence?

Next week, the West Virginia Supreme Court will hear a case in which 30 former prosecutors from around the country have taken the unusual...
Michael Whyte
Crime Scene Officer and Fingerprint Expert with over 7 years experience in Crime Scene Investigation and Latent Print Analysis. The opinions or assertions contained on this site are the private views of the author and are not to be construed as those of any professional organisation or policing body.
- Forensic Podcast -

Attack campaign tied to Russia now zeroing in on mobile user’s iPhones, iPads.

An extensive and sophisticated cyber espionage operation targeting mainly Western military, government, defense industry firms, and the media, now has a new weapon: a spyware app for Apple iPhones and iPads.

Operation Pawn Storm, which has been tied to Russia by at least one security research firm, is using a specially crafted iOS app to surreptitiously steal from the mobile device text messages, contact lists, pictures, geo-location information, WiFi status of the device, lists of installed apps and processes — and to record voice conversations, according to new Trend Micro research.

“The Cold War has returned in cyberspace, and Apple has become the gateway to western elites,” says Tom Kellermann, chief cyber security officer with Trend Micro. “Pawn Storm has evolved to now incorporate proximity attacks against Western victims.”

Trend Micro researchers, who found the iOS malware while studying and tracking Operation Pawn, say they believe the Apple spyware gets installed on systems already compromised by the attackers. It’s similar to the “next-stage” SEDINT malware they found targeting Microsoft Windows systems.

“We found two malicious iOS applications in Operation Pawn Storm. One is called XAgent (detected as IOS_XAGENT.A) and the other one uses the name of a legitimate iOS game, MadCap (detected as IOS_ XAGENT.B). After analysis, we concluded that both are applications related to SEDNIT,” wrote Trend mobile threat analysts Lambert Sun and Brooks Hong and senior threat researcher Feike Hacquebord, in a blog post today.

“The obvious goal of the SEDNIT-related spyware is to steal personal data, record audio, make screenshots, and send them to a remote command-and-control (C&C) server. As of this publishing, the C&C server contacted by the iOS malware is live,” they said.

When XAgent runs on iOS 7, its icon doesn’t show up on the mobile device. It’s hard to kill, too: When the researchers attempted to terminate the app’s process, it restarted right away. When running on iOS 8, however, the icon is not hidden and doesn’t automatically restart after it’s killed. The researchers say this shows the malware was created before iOS 8’s release in September of last year.

“We can see that the code structure of the malware is very organized. The malware looks carefully maintained and consistently updated,” the researchers said.

Operation Pawn Storm cyberattacks have intensified in the wake of US-Russian tensions, and the organizations and regions targeted appear to point to Russia or Russian interests. The attackers are going after the US, NATO allies, and Russian dissidents. Among the targets of some phishing attacks used in the campaign are ACADEMI (the US defense contractor formerly known as Blackwater), SAIC, and the Organization for Security and Cooperation in Europe.

Trend Micro so far has stopped short of attributing the attacks to Russia. Researchers at FireEye, however, recently called out the Russian government as being behind the Operation Pawn Storm campaign–specifically the so-called APT28 hacking group. “This Russian government-backed type of espionage has been very mysterious and hard to nail down over all these years on the Internet,” Dan McWhorter, lead researcher for the report and vice president of threat intelligence for FireEye, told Dark Reading in October.  “In my opinion after looking at our research, it confirms that yes, in fact, the Russian government is doing this, and it gives us a body of evidence to put against that assertion that wasn’t there previously.”

Just how victims’ Apple iOS devices get infected with the spyware is unknown thus far. In one case, the researchers found a “Tap Here to Install the Application” prompt to lure users into installing the app. Another possible vector, they say, is via a compromised Windows laptop when the iPhone is connected to it with a USB cable. The attackers employ Apple’s “ad-hoc provisioning” method of distributing the app.

Source: Dark Reading 

- Advertisement -

More articles

- Advertisement -

Latest article

Using the NCIC Bayesian Network to improve your AFIS searches

This National Crime Information Centre (NCIC) Bayesian network is based on the statistical data of general patterns of fingerprints on the hands...

DNA decontamination of fingerprint brushes

Using fingerprint brushes across multiple crime scenes yields a high risk of DNA cross-contamination. Thankfully an Australian study has discovered a quick and easy way to safely decontaminate fingerprint brushes to prevent this contamination risk and allows the brushes to be safely reused even after multiple cleaning cycles.

Detection of latent fingerprint hidden beneath adhesive tape by optical coherence tomography

Adhesive tape is a common item which can be encountered in criminal cases involving rape, murder, kidnapping and explosives. It is often the case...

Presenting Fingerprint Comparisons in Court using Forensic Comparison Software

This video gives the fingerprint technician some ideas on how to present a Fingerprint Comparison result to the court that looks professional. To accomplish this...

New modified fingerprint chemical that fluoresces touch DNA on clothing

In sexual assault and burglary investigations, the recovery of DNA from items that have been handled by the suspect is very important....