According to a document released on X by vx-underground, Russian cybersecurity companies have assigned a codename, Sand Eagle, to a US government offensive cyber force. It is unclear if the designation refers to a particular agency or not.

The Twitter document, dated June 2019 and provided by the cyber watchdog on March 7th, has questionable origins, and the accusations it makes should be handled with care. The headline mentions Sand Eagle before delving into Russian accusations of a strike by US “special services” on targets in the Federation.

Secrets Sensei: Overcoming Secrets Management Challenges.

It claims that in June 2023, Russian intelligence agency the FSB “announced that as a result of an intelligence operation by American special services, several thousand iPhones, including devices of diplomatic missions in Russia, were infected with unknown malicious software.”

However, the paper goes on to state that the FSB provided no more information, including what steps were taken to eradicate the purported discovered viruses.

It is also unclear which nations the allegedly targeted “diplomatic missions” came from.

Russia-based Cyber Threat Intelligence firms have an APT name designated for the United States government: Sand Eagle pic.twitter.com/4eLuaE1lwJ

— vx-underground (@vxunderground) March 7, 2024

Kaspersky, a cybersecurity company suspected of having connections to the Russian military, said it conducted an examination and discovered “several iPhones with suspicious behavior.”

The business called the suspected malware attack Operation Triangulation.

“The implant, known as TriangleDB, is installed after attackers gain superior privileges on an iOS device, using a kernel vulnerability,” according to the report. “It is deployed in memory, which means that all traces are lost when the device is rebooted.”

When a victim reboots, they will be compelled to reinfect their device by sending an iMessage containing malware.

Meta Information: WhatsApp and Messenger Compatibility to Adhere to EU DMA Rules

Another X cyber pundit, Dmitry Gmilnanets, responded to vx-underground by tweeting a screenshot of a Sand Eagle-related question he asked Grok, Elon Musk’s subscription-only AI chatbot.

“Sand Eagle APT [advanced persistent threat] is a group of highly skilled hackers who are known to target government organizations and large corporations,” the chatbot said. “They are said to be located in the United States, and their main objective is to collect intelligence and steal critical information. They are known to deploy sophisticated methods and have been tied to a number of high-profile hacks in recent years.”

Gmilnanets said, “Grok knows something we don’t.”

It definitely seems to be the case. “We had never heard this name,” said vx-underground. We also looked it up on Google, but there were no results.”

Cybernews can corroborate this; our own search for Sand Eagle yielded photographs and articles on birds, as well as a 2006 book called The Eagle In The Sand.

So, is this just another Russian bluff, or is there solid proof that the Americans are also involved in the offensive cyberwar?

Your estimate is as valid as ours.

source