Federal Security Service says devices including those of domestic Russian subscribers as well as foreign diplomats have been compromised
A woman with an umbrella walks past a display advertising Apple iPhone 14 during rainy weather in Moscow. — Reuters
Russia's Federal Security Service (FSB) said on Thursday it had uncovered an American espionage operation that compromised thousands of iPhones using sophisticated surveillance software.
Moscow-based Kaspersky Lab said several of its senior employees' devices were compromised in the operation.
The FSB, the main successor to the Soviet-era KGB, said in a statement that several thousand Apple Inc devices had been infected, including those of domestic Russian subscribers as well as foreign diplomats based in Russia and the former Soviet Union.
"The FSB has uncovered an intelligence action of the American special services using Apple mobile devices," the FSB said in a statement.
The FSB said the plot showed "close cooperation" between Apple and the National Security Agency, the US agency responsible for cryptographic and communications intelligence and security.
In an alert published to its website, Russia's Computer Emergency Response Team echoed the FSB's warning and referred to research published on Thursday by Kaspersky Lab, which announced that "an extremely complex, professionally targeted cyberattack" had targeted an undisclosed number of employees in "top and middle-management".
The NSA declined to comment. Apple and the White House did not immediately respond to emailed requests for comment. Kaspersky did not return messages seeking further details about its research. Unlike the Russian officials, the company stopped short of blaming anyone for the hacks.
The FSB said the American spy operation had ensnared diplomats from Israel, Syria, China and NATO members in the espionage campaign.
Chinese, Israeli and NATO representatives were not immediately able to provide comment.
The United States is the world's top cyber power in terms of intent and capability, according to Harvard University's Belfer Center Cyber 2022 Power Index, followed by China, Russia, the United Kingdom and Australia.
Both the Kremlin and Russia's foreign ministry pointed to the significance of the matter.
"The hidden data collection was carried out through software vulnerabilities in US-made mobile phones," Russia's foreign ministry said in a statement.
"The US intelligence services have been using IT corporations for decades in order to collect large-scale data of Internet users without their knowledge," the ministry said.
Russian officials said the plot had been uncovered as part of a joint effort by FSB officers and those of the Federal Guards Service (FSO), a powerful agency that runs the Kremlin bodyguard and was also once the KGB's Ninth Directorate.
Officials in Russia, which Western spies say has constructed a very sophisticated domestic surveillance structure, have long questioned the security of US technology.
Kremlin spokesman Dmitry Peskov said all officials in the presidential administration knew that gadgets such as iPhones were "absolutely transparent".
"Using them for official purposes is unacceptable and prohibited," Peskov said, adding that officials were free to use iPhones for private, non-official communication.
Russian President Vladimir Putin has always said he has no smartphone, though the Kremlin has said the former KGB spy does use the internet from time to time.
Kaspersky said it discovered the digital espionage campaign after detecting anomalous traffic in its corporate Wi-Fi network.
The firm said the spyware was delivered by an invisible message that took advantage of vulnerabilities in Apple's iOS operating system. Information from the phone would then be spirited away to remote servers.
Kaspersky said the oldest traces of infection it discovered dated back to 2019. "As of the time of writing in June 2023, the attack is ongoing," the company said. It added that while its staff was hit, "we are quite confident that Kaspersky was not the main target of this cyberattack."
It promised more updates in the coming days.
Although neither Russian officials nor Kaspersky has put forward evidence that Apple knew about the alleged spying, much less cooperated with it, the revelation is likely to deepen suspicions about Apple in Russia.
Earlier this year, the Kremlin told officials involved in preparations for Russia's 2024 presidential election to stop using Apple iPhones because of concerns that the devices are vulnerable to Western intelligence agencies, the Kommersant newspaper reported.