Common Information
| Type | Value |
|---|---|
| Value |
Keychain - T1634.001 |
| Category | Attack-Pattern |
| Type | Mitre-Attack-Pattern |
| Misp Type | Cluster |
| Description | Adversaries may collect keychain data from an iOS device to acquire credentials. Keychains are the built-in way for iOS to keep track of users' passwords and credentials for many services and features such as Wi-Fi passwords, websites, secure notes, certificates, private keys, and VPN credentials. On the device, the keychain database is stored outside of application sandboxes to prevent unauthorized access to the raw data. Standard iOS APIs allow applications access to their own keychain contained within the database. By utilizing a privilege escalation exploit or existing root access, adversaries can access the entire encrypted database.(Citation: Apple Keychain Services)(Citation: Elcomsoft Decrypt Keychain) |
| Details | Published | Attributes | CTI | Title | ||
|---|---|---|---|---|---|---|
| Details | Website | 2023-06-21 | 3 | Apple patches kernel bug used in TriangleDB spyware attacks | ||
| Details | Website | 2023-06-21 | 0 | New Report Exposes Operation Triangulation's Spyware Implant Targeting iOS Devices | ||
| Details | Website | 2023-06-21 | 0 | Security Researchers Uncover New Spyware Implant TriangleDB | ||
| Details | Website | 2023-06-21 | 4 | Анализ TriangleDB, импланта “Операции Триангуляция” | ||
| Details | Website | 2023-06-21 | 0 | TriangleDB, spyware implant of Operation Triangulation | ||
| Details | Website | 2023-06-21 | 4 | Dissecting TriangleDB, a Triangulation spyware implant | ||
| Details | Website | 2023-06-21 | 22 | Initial research exposing JOKERSPY — Elastic Security Labs | ||
| Details | Website | 2023-06-15 | 128 | Mystic Stealer | ||
| Details | Website | 2023-06-12 | 0 | Apple's Safari Private Browsing Now Automatically Removes Tracking Parameters in URLs | ||
| Details | Website | 2023-06-12 | 0 | Apple's Safari Private Browsing Now Automatically Removes Tracking Parameters in URLs - RedPacket Security | ||
| Details | Website | 2023-06-06 | 0 | WWDC 2023: Apple introduces new privacy and security features | ||
| Details | Website | 2023-06-06 | 1 | iPhone Devices have Advanced Cyber-Security Options for Their Users | ||
| Details | Website | 2023-06-06 | 0 | Apple Unveils Upcoming Privacy and Security Features | ||
| Details | Website | 2023-06-01 | 0 | Use Swift with the Jamf API, Part 6 The last of us | ||
| Details | Website | 2023-05-19 | 6 | Ethereum’s Wallet | ||
| Details | Website | 2023-05-17 | 0 | Why You Need a Password Manager | ||
| Details | Website | 2023-05-17 | 0 | Google Introduces Passwordless Secure Sign-In with Passkeys for Google Accounts | ||
| Details | Website | 2023-05-16 | 0 | Attackers Target macOS With 'Geacon' Cobalt Strike Tool | ||
| Details | Website | 2023-05-12 | 2 | Do You Really Need to Buy an Antivirus App or a VPN Anymore? | ||
| Details | Website | 2023-05-12 | 0 | Atomic malware steals Mac passwords, crypto wallets, and more | ||
| Details | Website | 2023-05-11 | 0 | Google Passkey: How to create one and when you shouldn't | ||
| Details | Website | 2023-05-09 | 0 | Google Launches Passkeys: The Password Replacement That Could Change Online Security Forever | ||
| Details | Website | 2023-05-09 | 4 | New Atomic macOS Malware Steals Keychain Passwords and Crypto Wallets | ||
| Details | Website | 2023-05-07 | 6 | Defend Your Mac: MacStealer & Atomic macOS Malware | ||
| Details | Website | 2023-05-06 | 2 | Passkeys and What They Mean For Users |