Russian FSB Accuses U.S. of Hacking Thousands of iPhones in Russia

Russia’s FSB has publicly accused the U.S. of hacking thousands of Apple iPhones, including those of people inside Russia, as well as embassies in Russia belonging to NATO countries, post-Soviet countries, and Israel, Hong Kong, and China.

The FSB provided no evidence for its claims. But the announcement s related to a blog post from Russian cybersecurity company Kaspersky which said hackers had targeted the company’s own researchers’ iPhones with sophisticated malware. Kaspersky wrote the earliest traces of infection it found stretch back to 2019, and that the attack is ongoing.

“The Federal Security Service of the Russian Federation, together with the Federal Security Service of Russia, uncovered a reconnaissance action by American intelligence services conducted using Apple mobile devices (USA),” the announcement from the FSB reads according to Google Translate.

The FSB said that in the course of checking the security of Russian telecommunications infrastructure, “anomalies were identified” caused by a previously unknown piece of malware. The FSB said “several thousand” phones were found to have been injected.

The FSB went a step further and claimed that this malware shows “the close cooperation of the American company Apple with the national intelligence community, in particular the US NSA.” (Government agencies and private companies often find vulnerabilities in popular pieces of consumer technology and turn them into exploits to break into devices. Typically, this is done without the cooperation of the manufacturer, such as Apple).

An Apple spokesperson told Motherboard in an email that “We have never worked with any government to insert a backdoor into any Apple product and never will.”

On Thursday Kaspersky published its own blog post that said it detected some of their researchers’ iPhones had been compromised. The malware was delivered by iMessage and compromised the target phone without any user interaction, according to the blog post. This is commonly known as a “zero-click” exploit. The malware then deleted the respective iMessage and attached exploit, the blog post says.

Kaspersky told Motherboard in an email that it was “aware” of the FSB’s announcement. “Although we don’t have technical details on what has been reported by the FSB so far, the Russian National Coordination Centre for Computer Incidents (NCCCI) has already stated in their public alert that the indicators of compromise are the same,” Kaspersky said.

A publication from the Russian CERT, a government body that handles cybersecurity issues, includes the same set of malware-related domains as those identified by the Kaspersky researchers. These include domains such as “datamarketplace[.]net” and “mobilegamerstats[.]com”.

When asked if Kaspersky had any coordination or communication with any parts of the Russian government regarding Kaspersky’s announcement, the company said “We have shared information with national CERTs worldwide, including the Russian one. We have also shared information with the Apple Security Research team.”

Cameron Potts, public affairs officer for NSA/CSS public affairs, told Motherboard in an email “We have nothing for you on this.”

Update: This piece has been updated to include a statement from Apple.

Subscribe to our cybersecurity podcast, CYBER. Subscribe to our Twitch channel.