Russia’s Federal Security Service (FSB) said on Thursday it had uncovered an American espionage operation that compromised thousands of iPhones using sophisticated surveillance software.
Moscow-based Kaspersky Lab said dozens of its employees’ devices were compromised in the operation.
The FSB, the main successor to the Soviet-era KGB, said in a statement that several thousand Apple Inc devices had been infected, including those of domestic Russian subscribers as well as foreign diplomats based in Russia and the former Soviet Union.
“The FSB has uncovered an intelligence action of the American special services using Apple mobile devices,” the FSB said in a statement.
The FSB said the plot showed “close cooperation” between Apple and the National Security Agency, the U.S. agency responsible for cryptographic and communications intelligence and security. The FSB provided no evidence that Apple cooperated with, or had any awareness of, the spying campaign.
In a statement, Apple denied the allegation. “We have never worked with any government to insert a backdoor into any Apple product and never will,” the firm said in a statement.
Kaspersky CEO Eugene Kaspersky said on Twitter that dozens of his employees’ phones were compromised in the operation, which his company described as “an extremely complex, professionally targeted cyberattack” that had targeted workers in “top and middle-management.”
Kaspersky researcher Igor Kuznetsov told Reuters that his company had independently discovered anomalous traffic on its corporate Wi-Fi network around the start of the year. He said Kaspersky did not circulate its findings to Russia’s Computer Emergency Response Team until earlier on Thursday.
He said he could not comment on Moscow’s allegation that Americans were responsible for the hacking or that thousands of others had been targeted.
“It’s very hard to attribute anything to anyone,” he said.
In a blog post, Kaspersky said the oldest traces of infection it discovered dated back to 2019. “As of the time of writing in June 2023, the attack is ongoing,” the company said. It added that while its staff was hit, “we are quite confident that Kaspersky was not the main target of this cyberattack.” Reuters