Kaspersky discloses iPhone hardware feature vital in Operation Triangulation - https://news.ycombinator.com/item?id=38801275 - Dec 2023 (52 comments)
4-year campaign backdoored iPhones using advanced exploit - https://news.ycombinator.com/item?id=38784073 - Dec 2023 (7 comments)
Operation Triangulation: What you get when attack iPhones of researchers - https://news.ycombinator.com/item?id=38783112 - Dec 2023 (371 comments)
How to catch a wild triangle - https://news.ycombinator.com/item?id=38034269 - Oct 2023 (43 comments)
Scan iPhone backups for traces of compromise by “Operation Triangulation” - https://news.ycombinator.com/item?id=36164340 - June 2023 (153 comments)
Targeted attack on our management with the Triangulation Trojan - https://news.ycombinator.com/item?id=36161392 - June 2023 (126 comments)
“Clickless” iOS exploits infect Kaspersky iPhones with never-before-seen malware - https://news.ycombinator.com/item?id=36154455 - June 2023 (41 comments)
Operation Triangulation: iOS devices targeted with previously unknown malware - https://news.ycombinator.com/item?id=36151220 - June 2023 (31 comments)
Others?
They also have a large and profitable industry selling state-of-the-art tools to authoritarian regimes/dictators to target democracy activists and journalists.
If I had to guess...and this is a wild guess and in no way based on hard evidence....but I think the true value would be using this as a vector to bypass 2FA or MFA for attacks on a supply chain. Chaining exploits isn't a new concept...hell, I had a similar idea years ago regarding chaining CVEs to create a better, more fluid escalation of privileges. The concerning thing is these were 0-days from the brief reading I did, and exploited hardware vulnerabilities.
IMO hardware is the best target because few people are going to rip apart the device to look at chips...and even if they did, they would need a metrology or lithography lab to find a backdoor in a part of a CPU or other component. Just because the part was shipped from the factory and the factory made it correctly, if someone could compromise a basic part of the chip then it's all over and you really have to spend your time looking for these things. An example would be the BMC on your Dell server getting backdoored, or editing a snippet of microcode that these chip makers do not publicly document.
Seems unlikely that they would blow so many 0days so recklessly just to infect the iPhone to get data....when it could be used for so much more.
If this is a nation-state actor....chances are they can just buy the data via a third party, or could have forced Apple to turn over the iCloud data, or just caught it via intercepting the undersea cables and their ISPs.
Unless I'm missing something.....and this was used to go after a really critical target that was hard to compromise, and as a result, once they got the intel they wanted they might have just used it willy-nilly, or have considered the 0-days as lost if they had compromised a foreign nation state or person of interest and figured that since they used the exploit....their adversary will discover it sooner or later.
https://freedomhacker.net/vault-7-marble-framework-cia-evade...