Russia’s Federal Security Service (FSB) has accused U.S. intelligence agencies of hacking thousands of iPhones to conduct surveillance on Russian diplomats (via The Record).
The FSB’s statement, published on Thursday, alleges that the U.S. utilized previously undisclosed malware to target iOS devices. Meanwhile, Russian cybersecurity firm Kaspersky has also released a report detailing iOS malware from an unknown source.
Although Kaspersky initially couldn’t confirm a connection between the two attacks, an updated statement acknowledged that the indicators of compromise in both reports are identical.
According to the FSB, the malware not only affected domestic users but also targeted foreign numbers and wireless subscribers using SIM cards registered with diplomatic missions and embassies in Russia.
The list of impacted countries includes those from the NATO bloc, the post-Soviet region, as well as Israel, Syria, and China.
Furthermore, Russian intelligence claims that their investigation revealed Apple’s collaboration with the U.S. National Security Agency (NSA).
“This proves that Apple’s stated commitment to protecting the privacy of user data is, in fact, misleading,” said FSB in a statement.
Oleg Shakirov, an expert on foreign policy and security, explained on Twitter that these types of accusations, referred to as “quasi-attribution,” are not uncommon for Russian authorities, as they tend to lack technical details.
Update: the FSB press-release is followed up by the MFA press release on “new facts of global surveillance by the United States”
It doesn’t add much detail about the alleged operation but rather emphasizes Russia’s international cyber diplomacy effortshttps://t.co/vx7nAH8IQv pic.twitter.com/vfF6DM68ga
— Oleg Shakirov (@shakirov2036)
Russian media reports indicate that the Russian president’s administration instructed its employees to dispose of their Apple devices in March. The FSB, however, did not provide any technical specifics regarding the malware or its alleged victims.
Based on Kaspersky’s report, the malware silently transmits private information, such as microphone recordings, instant messenger photos, geolocation data, and more, to remote servers.
Notably, the spyware can reinfect devices upon reboot, and during the final stages of infection, it deletes the initial message and exploit attachment to eliminate traces of compromise.
Kaspersky is still conducting an in-depth analysis of the spyware, acknowledging the challenges posed by iOS device security features, which can make inspection difficult.
