From 3a15a275849dd1a8faa93a90090aff00ea5a312c Mon Sep 17 00:00:00 2001 From: Mathieu4141 Date: Mon, 5 Feb 2024 09:20:11 -0800 Subject: [PATCH] [threat-actors] Add Operation Triangulation --- clusters/threat-actor.json | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json index e3ec6567..ae7b07b6 100644 --- a/clusters/threat-actor.json +++ b/clusters/threat-actor.json @@ -14859,6 +14859,19 @@ }, "uuid": "3c3ca8f3-c6ab-4c5d-9bd0-be6677d6cdeb", "value": "GhostEmperor" + }, + { + "description": "Operation Triangulation is an ongoing APT campaign targeting iOS devices with zero-click iMessage exploits. The threat actor behind the campaign has been active since at least 2019 and continues to operate. The attack chain involves the delivery of a malicious iMessage attachment that launches a series of exploits, ultimately leading to the deployment of the TriangleDB implant. Kaspersky researchers have discovered and reported multiple vulnerabilities used in the campaign, with patches released by Apple.", + "meta": { + "refs": [ + "https://securelist.com/operation-triangulation-the-last-hardware-mystery/111669/", + "https://securelist.com/operation-triangulation-catching-wild-triangle/110916/", + "https://securelist.com/triangulation-validators-modules/110847/", + "https://securelist.com/operation-triangulation/109842/" + ] + }, + "uuid": "220001c6-c976-4cad-a356-4d8c2dd2b1c1", + "value": "Operation Triangulation" } ], "version": 299