by tonetegeatinst 897 days ago
Agree that it's concerning regarding the lack of attribution, especially given the complexity.

If I had to guess... and this is a wild guess and in no way based on hard evidence... but I think the true value would be using this as a vector to bypass 2FA or MFA for attacks on a supply chain. Chaining exploits isn't a new concept... hell, I had a similar idea years ago regarding chaining CVEs to create a better, more fluid escalation of privileges. The concerning thing is these were 0-days from the brief reading I did, and exploited hardware vulnerabilities.

IMO hardware is the best target because few people are going to rip apart the device to look at chips... and even if they did, they would need a metrology or lithography lab to find a backdoor in a part of a CPU or other component. Even though the part was shipped from the factory and the factory made it correctly, if someone could compromise a basic part of the chip then it's all over, and you really have to spend your time looking for these things. An example would be the BMC on your Dell server getting backdoored, or editing a snippet of microcode that these chip makers do not publicly document.

Seems unlikely that they would blow so many 0-days so recklessly just to infect the iPhone to get data... when it could be used for so much more.

If this is a nation-state actor... chances are they can just buy the data via a third party, or could have forced Apple to turn over the iCloud data, or just caught it via intercepting the undersea cables and their tier 1 ISPs.

Unless I'm missing something... and this was used to go after a really critical target that was hard to compromise, and as a result, once they got the intel they wanted, they might have just used it willy-nilly, or have considered the 0-days as lost if they had compromised a foreign nation state or person of interest, figuring that since they used the exploit... their adversary will discover it sooner or later.