>Despite many ups and downs, we eventually managed to obtain all the stages used in this attack, including four zero-day exploits reported to Apple, two validators, an implant and its modules.
Looks like the NSA still hasn't forgiven Kaspersky for exposing STUXNET [1]. It seems that this latest attack on Kaspersky was expensive. Losing 4 zero-days must have been painful. It's also possible that Israel and Unit 8200 [2] were behind this, but my money's on the NSA.
No way in hell the NSA forcibly tries to reinfect targets over and over; that's not their modus operandi. Instead they would have spent money to find persistence on the infected device.
The fact that the attacker has almost a full chain but no persistence screams "second fiddle" to me, probably a nation state that has access to 0-day brokers but no in-house engineering.
I agree with you on that, but the USA (and probably China) is the nation state least likely to skimp on iOS persistence when targeting Russian AV analysts :D
I can only guess at motivations, but I would think that when targeting security researchers you'd aim to not have persistence, since that would require leaving evidence of infection on the device.
[1] https://eugene.kaspersky.com/2011/11/02/the-man-who-found-st...
[2] https://www.washingtonpost.com/world/national-security/israe...