Powered by MOMENTUM MEDIA
cyber daily logo
Breaking news and updates daily. Subscribe to our Newsletter

Russia designates US government as APT Sand Eagle, claims it launched attack on Russian devices

Cyber security firms in Russia have assigned the US government its very own advanced persistent threat (APT) designation after claiming it or government agencies had launched attacks against Russian Federation targets.

user icon Daniel Croft
Mon, 11 Mar 2024
Russia designates US government as APT Sand Eagle, claims it launched attack on Russian devices
expand image

Russian intelligence firms are reportedly referring to the US government as “Sand Eagle”, according to a document shared by @vxunderground on X (formerly Twitter).

============
============

The shared document details an instance in which “American special services” launched a campaign against Russian devices, including those belonging to the government.

“On June 1, 2023, the FSB of Russia announced that as a result of an intelligence operation by American special services, several thousands iPhones, including devices of diplomatic missions in Russia, were infected with unknown malicious software,” the document read.

“Details about the actions that occurred after the infection of the devices, as well as the elimination of the detected ‘anomalies’ were not provided by the agency.

“Later that day, Kaspersky Lab specialists reported that they had found several iPhones with suspicious behaviour and examined their backups. The researchers called this harmful campaign ‘Operation Triangulation’.”

According to the document, a malware called TriangleDB is installed on accessed devices once the threat actor gains administrator privileges on it through a “kernel vulnerability”. The payload is installed in the device’s memory, meaning a reboot will eliminate any trace of the malware.

It also means that when the device is rebooted, the user will be forced to reinfect it through an iMessage with the malware attached to it.

The document provides no details as to what the “diplomatic missions” were.

It is also worth noting that Kaspersky Lab is a cyber security organisation that has been accused in the past of having connections with the Russian military.

Responding to @vxunderground on X, cyber researcher Bill Marczak said that Sand Eagle does not refer to this instance but instead to a Middle Eastern group.

“Qihoo 360 came up with the name in 2022, and it’s not linked to Triangulation (360 asserted a link then deleted their research). In this year’s threat report, 360 clarifies that Sand/Desert Eagle is actually a Middle East group not related to Triangulation,” his post said.

Additionally, researcher Dmitry Smilyanets asked X’s AI chatbot Grok what it knew about the Sand Eagle APT, and it provided information that backed Russia’s claims.

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.