{
	"id": "0e346a1a-a393-4f3b-aa9d-f914c1b18f49",
	"created_at": "2026-04-06T00:21:37.555995Z",
	"updated_at": "2026-04-10T13:11:35.951494Z",
	"deleted_at": null,
	"sha1_hash": "9d198e1c37f48acbd44b276c96821af8012eabca",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 44503,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-05 21:59:25 UTC\nHome \u003e List all groups \u003e Operation Triangulation\n APT group: Operation Triangulation\nNames Operation Triangulation (Kaspersky)\nCountry [Unknown]\nMotivation Information theft and espionage\nFirst seen 2023\nDescription\n(Kaspersky) While monitoring the network traffic of our own corporate Wi-Fi network using\nthe Kaspersky Unified Monitoring and Analysis Platform (KUMA), we discovered a\npreviously unknown mobile APT campaign targeting iOS devices. The targets are infected\nusing zero-click exploits via the iMessage platform, and the malware runs with root privileges,\ngaining complete control over the device and user data. We are calling this campaign\n“Operation Triangulation”.\nThis is an ongoing investigation, the amount of material we collected is substantial and will\ntake time to analyze. Given the complexity of the attack, we are confident that we are not the\nonly target, and invite everyone to join the research.\nObserved\nTools used TriangleDB.\nInformation\nLast change to this card: 17 January 2024\nDownload this actor card in PDF or JSON format\nSource: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=015b1a7a-7af1-4d86-8ae2-5f5f5b4ef161\nhttps://apt.etda.or.th/cgi-bin/showcard.cgi?u=015b1a7a-7af1-4d86-8ae2-5f5f5b4ef161\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/showcard.cgi?u=015b1a7a-7af1-4d86-8ae2-5f5f5b4ef161"
	],
	"report_names": [
		"showcard.cgi?u=015b1a7a-7af1-4d86-8ae2-5f5f5b4ef161"
	],
	"threat_actors": [
		{
			"id": "ad08bd3d-e65c-4cfd-874a-9944380573fd",
			"created_at": "2023-06-23T02:04:34.517668Z",
			"updated_at": "2026-04-10T02:00:04.842233Z",
			"deleted_at": null,
			"main_name": "Operation Triangulation",
			"aliases": [],
			"source_name": "ETDA:Operation Triangulation",
			"tools": [
				"TriangleDB"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "113b8930-4626-4fa0-9a3a-bcf3ef86f595",
			"created_at": "2024-02-06T02:00:04.14393Z",
			"updated_at": "2026-04-10T02:00:03.578394Z",
			"deleted_at": null,
			"main_name": "Operation Triangulation",
			"aliases": [],
			"source_name": "MISPGALAXY:Operation Triangulation",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775434897,
	"ts_updated_at": 1775826695,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/9d198e1c37f48acbd44b276c96821af8012eabca.pdf",
		"text": "https://archive.orkl.eu/9d198e1c37f48acbd44b276c96821af8012eabca.txt",
		"img": "https://archive.orkl.eu/9d198e1c37f48acbd44b276c96821af8012eabca.jpg"
	}
}