In a recent espionage operation, Russia’s Federal Security Service made a bold claim that several thousand iPhones within the country had been compromised, allegedly by the US government. The Washington Post reported this news, highlighting the lack of evidence provided by the Russian authorities.
Russian cybersecurity firm Kaspersky Lab also weighed in, stating that file-stealing malware had been installed on iPhones belonging to its staff, running outdated versions of Apple’s mobile operating system. However, Kaspersky lacked sufficient proof to attribute the breaches to any specific government or organization.
The Infection Vector: Kaspersky pointed out that the infections began with an iMessage attachment that required no user interaction, a zero-click technique similar to that employed by vendors such as NSO Group, maker of the Pegasus spyware used by government agencies worldwide. The Washington Post highlighted this parallel and noted that Kaspersky researchers were still investigating the incident, striving to gather enough technical evidence to determine the source of the attack.
The Federal Security Service’s Assertion: In contrast, Russia’s Federal Security Service (FSB) confidently asserted that the attack targeted thousands of individuals, including diplomats stationed within the country. They specifically held the United States accountable for the breach, further claiming that the presence of the vulnerability indicated Apple’s collaboration with US government hackers. However, Apple firmly denied these charges, with a company spokesperson emphasizing that they have never and will never cooperate with any government to insert backdoors into their products.
Reactions from Various Entities: A Kremlin spokesperson expressed the government’s belief that iPhones are inherently unsafe, supporting the FSB’s claims. The Washington Post mentioned that China and Israel’s foreign ministries did not respond to requests for comments following the FSB’s assertion that hacked diplomats included representatives from these nations.
The Scope of the Impact: Kaspersky clarified that none of the compromised devices were running an operating system more recent than iOS 15.7, which was superseded in September 2022. Additionally, none of the affected devices had Lockdown Mode enabled, an optional setting that reduces the attack surface by restricting iMessage functionality and other features. The fact that only devices running outdated software were affected is notable, since a sophisticated government spying operation would typically exploit zero-day vulnerabilities, that is, flaws unknown to the vendor for which no patch yet exists. Such operations often target devices used by embassies and private security professionals.
Silence from US Intelligence and Limited Details from Kaspersky: The US Office of the Director of National Intelligence declined to comment on the matter when approached by The Washington Post. Meanwhile, Kaspersky did not provide enough information to help Apple identify the specific vulnerability used in the attacks. The security company notified Apple of the situation just hours before the FSB made its findings public. However, Kaspersky did release a list of obscure websites that the malware used to communicate with the compromised phones, along with technical indicators of compromise that users can employ to examine their own devices.