Without providing evidence, Russia’s Federal Security Service claimed on Monday that several thousand iPhones in the country were compromised in a recently disclosed spying operation it attributed to the US government, The Washington Post reported.
Russian cyber firm Kaspersky Lab claimed the campaign installed file-stealing malware on iPhones belonging to its employees running an outdated version of Apple’s mobile operating system. The firm added that it lacked sufficient evidence to attribute the breach to any specific government or organization.
The Federal Security Service (FSB) claimed that the attack targeted thousands of people, including diplomats there, that the United States was responsible, and that the presence of the vulnerability proved that Apple was working with hackers from the US government.
An Apple spokesman, while denying the allegations, said: “We have never worked with any government to put a backdoor into any Apple product and we never will,”.
The Chinese and Israeli foreign ministries did not return calls for comment after the FSB said the hackers were from those countries, among others, according to The Washington Post.
None of the affected devices, according to Kaspersky, were running an operating system newer than iOS 15.7, which was replaced in September 2022. Also, none of the affected devices were using Lock Mode, an optional setting that reduces the number of ways it can be attacked by limiting iMessage functionality, among other things.
A high-end government espionage operation would more often than not exploit a zero-day vulnerability, an undiscovered flaw that still affects software that is fully patched. International espionage often targets gadgets used by embassies and private security professionals.
Kaspersky didn’t reveal much that would help Apple determine what vulnerability was used, and the company only announced it overnight, hours before the FSB revealed its findings.
The security company, which often works with Russian law enforcement agencies, released a list of unknown websites that were used to connect to infected phones, as well as technical penetration indicators that consumers could use to probe their own devices.
Read Now:Joe Biden falls during the US Air Force Academy graduation ceremony
