top | item 38036265


luch | 2 years ago

no way in hell the NSA forcibly tries to reinfect targets over and over, that's not their modus operandi. Instead they would have spent money to find persistence on the infected device.

The fact that the attacker has almost a full chain but no persistence screams to me "second fiddle", probably a nation state that has access to 0-day brokers but no in-house engineering.


saagarjha | 2 years ago

Persistence on iOS is really, really hard.

luch | 2 years ago

I agree with you on that, but the USA (and probably China) is the nation state least likely to skimp on iOS persistence when targeting Russian AV analysts :D

cvalka | 2 years ago

This is not the first time the NSA infiltrated Kaspersky. Avoiding persistence was one of the desired requirements of the attack.

munchinator | 2 years ago

It wasn't clear to me from reading the blogpost that persistence _wasn't_ achieved?

saagarjha | 2 years ago

They mentioned that the suspicious traffic stopped after a restart.