Russia’s main security service accused a US intelligence agency of hacking several thousand iPhones, including devices belonging to Russian nationals and others linked to diplomatic missions and embassies in the country.
The statement from Russia’s Federal Security Service, known as the FSB, was scant on details and didn’t identify which US intelligence agency was behind the alleged attacks. The Russian security agency claimed that Apple Inc., the maker of iPhone, works closely with US intelligence, particularly the National Security Agency. The attacks were linked to SIM cards registered with Russia-based diplomats for NATO countries, Israel and China, according to the statement.
A spokesperson for Apple didn’t comment on whether any Russian iPhones were breached. But the spokesperson said the company hadn’t helped any government breach iPhones, as the FSB suggested, and “never will.” Apple halted product sales in Russia following that country’s invasion of Ukraine, but iPhones are still widely available via parallel import schemes.
A representative for the NSA declined to comment. Spokespeople for the Chinese and Israeli embassies in Washington didn’t immediately respond to requests for comment.
Separately, the Moscow-based cybersecurity company Kaspersky published a blog post saying iPhones belonging to several dozen of its employees had been hacked, and it included technical details of how the operation allegedly worked. The hack went undetected for years, according to the timeline on the blog post. Kaspersky didn’t identify who it believed was behind the attack, which it described as an “extremely complex, professional targeted cyberattack.”
In an email, a Kaspersky spokesman said the hacking campaign was discovered at the beginning of the year. Russian authorities have indicated the attacks are linked, he said, and a Kaspersky employee tweeted that the FSB’s and Kaspersky’s statements were related. Kaspersky said the spyware worked on an older version of Apple’s operating system.
It wasn’t possible to confirm the allegations, which were made at a time of exceptionally fraught relations between the US and Russia over the ongoing war in Ukraine. The US is providing Ukraine with intelligence support and military hardware but is at pains to avoid a direct confrontation with Russia. In addition, just last month, the US Department of Justice announced that it had disrupted a years-long hacking campaign carried out by an infamous FSB unit called “Turla.” The malware, called “Snake,” allegedly impacted over 50 countries and was used by Russian hackers for more than 20 years, according to the US authorities.
The US government banned the use of Kaspersky software from federal systems in 2017, citing espionage fears, and last year, the US Federal Communications Commission placed the Russian firm on a list of companies whose equipment and services have been deemed a national security threat. Following Russia’s invasion of Ukraine last year, Rob Joyce, the NSA’s director of cybersecurity, told Bloomberg News he was “very worried” about US companies using Kaspersky antivirus products, saying it was “ill-advised with this global situation.”
Cybersecurity experts who reviewed the Kaspersky blog said the hackers appeared to use advanced techniques to breach iPhones, but they added that more information was needed to know definitively.
“The sophistication of these attacks narrows it down to just a handful of the world’s most powerful players in the offensive space, and I have a feeling that we will know more about the origin as soon as Apple starts to notify the victims,” said Zack Ganot, chief executive officer of Israel-based Sunday Security, who reviewed Kaspersky’s findings.
The hackers infiltrated the devices by sending a malicious attachment via iMessage, according to Kaspersky. A user isn’t required to click on anything in order for the hack to work, known as a “zero-click” attack. The method is considered the gold standard for hackers breaking into computers or mobile devices and is sold by commercial surveillance companies, including Israel’s NSO Group.
“Kaspersky, arguably one of the best exploit detection companies in the world, was potentially hacked via an iOS zero-day for five years and only now discovered it,” said Patrick Wardle, the founder of the Objective-See Foundation, a nonprofit specializing in Apple security tools and a former NSA employee.
“It would be super risky to go after Kaspersky, basically you’d have to assume eventually you’d get caught,” he said.
The US government and US-based cybersecurity companies often detail the inner workings of alleged hacking operations by foreign actors, particularly those based in Russia, China, Iran and North Korea. But it is unusual for those countries to provide technical details of alleged US hacking campaigns.
In the blog post, CEO Eugene Kaspersky said the spyware, dubbed “triangulation,” “transmits private information to remote servers: microphone recordings, photos from instant messengers, geolocation and data about a number of other activities.” The threat from the attack at the company had been “neutralized,” he said.