Russia claims of US cyber offense surface on X

Russian cybersecurity firms have designated a US government offensive cyber group with its very own codename, Sand Eagle, according to a document shared on X by vx-underground. It’s not clear if the designation applies to a specific agency or not.

The tweeted document, dated from June 2019 and shared on March 7th by the cyber watchdog, is of unclear provenance and the claims it makes should be treated with due caution. It refers to Sand Eagle in the heading before going on to detail Russian claims of an attack by US “special services” against targets in the Federation.

It states that in June 2023, Russian intelligence agency the FSB “announced that as a result of an intelligence operation by American special services, several thousand iPhones, including devices of diplomatic missions in Russia, were infected with unknown malicious software.”

However, the document goes on to say that the FSB supplied no further details including what actions were taken to eliminate the alleged detected infections.

Nor is it clear which countries the “diplomatic missions” allgedly targeted were from.

Kaspersky, a cybersecurity firm that has been accused of having links to the Russian military, says it carried out an investigation that found “several iPhones with suspicious behavior.”

The company dubbed the alleged malware campaign Operation Triangulation.

“The implant, known as TriangleDB, is installed after attackers gain superior privileges on an iOS device, using a kernel vulnerability,” the document said. “It is deployed in memory, which means that all traces are lost when the device is rebooted.”

This means that a victim will be forced to reinfect their device by sending an iMessage with malware attached to it when and if they reboot.

Another X cyber pundit, Dmitry Gmilnanets, tweeted his response to vx-underground, in his case a screenshot of a query about Sand Eagle he posed to Grok, Elon Musk’s subscription-only AI chatbot.

“Sand Eagle APT [advanced persistent threat] is a group of highly skilled hackers who are known to target government organizations and large corporations,” the chatbot replied. “They are believed to be based in the United States, and their primary goal is to gather intelligence and steal sensitive information. They are known to use advanced techniques and have been linked to several high-profile cyberattacks in recent years.”

Gmilnanets commented: “Grok knows something we don’t.”

It would certainly appear to be the case. “We had never heard this name,” responded vx-underground. We also Googled it and found no references to it.”

Cybernews can confirm this is true – our own search for Sand Eagle returned images of and articles about birds and a 2006 novel called The Eagle In The Sand as its top returns.

So, another Russian feint, or genuine evidence that the Americans are active in the offensive cyberwar as well?

Your guess, dear reader, is as good as ours…

More from Cybernews:

China biotech firms amass Americans' genetic data, lawmakers warn

US gov passes bill forcing TikTok to divest or be banned

Crypto apps rally alongside bitcoin prices

Anyone can work in cybersecurity, veteran says

Dressing robot mimics movements of care workers

Subscribe to our newsletter