Russia designates US government as APT Sand Eagle, claims it launched attack on Russian devices

Russian cybersecurity firms have assigned the US government its own advanced persistent threat (APT) designation, after claiming that it, or its government agencies, launched attacks against targets in the Russian Federation.

Russian intelligence firms reportedly refer to the US government as “Sand Eagle,” according to a document shared by @vxunderground on X (formerly Twitter).

The shared document details a case in which “American special services” launched a campaign against Russian devices, including those of the government.

“On June 1, 2023, the Federal Security Service of Russia announced that, as a result of an intelligence operation by American special services, several thousand iPhones, including devices from diplomatic missions in Russia, were infected with unknown malicious software,” reads the document.

“The agency did not provide details about the actions that occurred after the devices were infected, as well as about the elimination of the detected ‘anomalies’.

“Later that day, Kaspersky Lab specialists reported that they had found several iPhones with suspicious behavior and examined their backups. Investigators called this damaging campaign ‘Operation Triangulation.’”

According to the document, malware called TriangleDB is installed on compromised devices once the threat actor gains administrator privileges through a “kernel vulnerability.” The payload resides only in the device’s memory, so a reboot removes any trace of the malware.

It also means that after a reboot the device has to be reinfected through another iMessage carrying the malware.

The document does not provide details about what the “diplomatic missions” were.

It’s also worth noting that Kaspersky Lab is a cybersecurity organization that has been accused in the past of having connections to the Russian military.

In response to @vxunderground on X, cyber researcher Bill Marczak said that Sand Eagle is not referring to this instance but to a Middle Eastern group.

“Qihoo 360 came up with the name in 2022 and it is not linked to Triangulation (360 claimed a link and then deleted their research). In this year’s threat report, 360 clarifies that Sand/Desert Eagle is actually a Middle Eastern group unrelated to Triangulation,” their post read.

Additionally, researcher Dmitry Smilyanets asked X’s AI chatbot Grok what it knew about the Sand Eagle APT, and it provided information supporting Russia’s claims.
