Russian government accuses Apple of colluding with NSA in iPhone spy operation

A Russian intelligence agency said thousands of iPhones were infected in an operation that shows "cooperation" between Apple and the NSA.
A man talks on the phone walking along Red Square in front of St. Basil's Cathedral in central Moscow on February 28, 2023. (Photo by Alexander Nemenov/AFP via Getty Images)

The Russian government on Thursday accused Apple of colluding with the U.S. intelligence community — and the National Security Agency in particular — to compromise thousands of iPhones connected to users in Russia and some devices inside foreign embassies in Moscow.

“The Russian authorities have uncovered a new fact of the US special services using American IT companies for global surveillance of US and other countries’ citizens,” a statement posted to the Russian Ministry of Foreign Affairs read Thursday.

The Russian Federal Security Service, known more commonly as the FSB, said in its own announcement that it “uncovered a reconnaissance action by American intelligence services” after detecting “anomalies … specific only to users of Apple mobile phones and are caused by the operation of previously unknown malicious software (VPO) that uses software vulnerabilities provided by the manufacturer.”

The agency claims that “several thousand” infected phones belonging to domestic Russian users, as well as phones registered “with diplomatic missions and embassies in Russia, including the countries of the NATO bloc and the post-Soviet space, as well as Israel, SAR and China, were revealed.”


The statement said the situation “testifies to the close cooperation of the American company Apple with the national intelligence community, in particular the US NSA, and confirms that the declared policy of ensuring the confidentiality of personal data of users of Apple devices is not true.”

In a statement to CyberScoop, an Apple spokesperson said, “we have never worked with any government to insert a backdoor into any Apple product and never will.”

Also Thursday, a team of researchers from Kaspersky — the Russian-founded cybersecurity company that maintains distinct legal entities across the world, operating in 200 countries and territories — published new research describing an “ongoing” zero-click iMessage exploit in iOS that allows attackers to run code on phones with root privileges, implement a set of commands for collecting system and user information, and run arbitrary code.

The researchers discovered what they call “Operation Triangulation” while analyzing traffic on Kaspersky’s own corporate Wi-Fi network dedicated to mobile devices, the company said.

“While monitoring the network traffic of our own corporate Wi-Fi network using the Kaspersky Unified Monitoring and Analysis Platform (KUMA), we discovered a previously unknown mobile APT campaign targeting iOS devices,” the company said on a page dedicated to Operation Triangulation. “The targets are infected using zero-click exploits via the iMessage platform, and the malware runs with root privileges, gaining complete control over the device and user data.”


The company added that it was an ongoing investigation that requires analyzing a “substantial” amount of information. “Given the complexity of the attack, we are confident that we are not the only target, and invite everyone to join the research,” Kaspersky said.

A Kaspersky spokesperson told CyberScoop Thursday that the company is aware of the Russian government’s announcement. “Although the attacks look similar, we are unable to verify this as we don’t have technical details on what has been reported by the FSB so far.”

In response to questions from CyberScoop, Apple noted only that Kaspersky does not make any claim the vulnerability it discovered would work beyond iOS 15.7. The current Apple iPhone operating system is 16.5.

Yet, an official notice from the Russian Computer Emergency Response Team cited Kaspersky’s report in an alert published Thursday.

“The political piece of this puzzle is the most interesting,” said Oleg Shakirov, a cyber policy expert and consultant at the Moscow-based PIR Center think tank.


Kaspersky isn’t likely to formally attribute the attack, he said, but “as far as the FSB is concerned, there is really no pressure on them to provide more evidence to the public. If they believe in Apple’s involvement, this can already be used to justify restrictions on the use of iPhones and other products by government officials (which has already been reported) as well as by others, for instance those working in critical information infrastructure sectors.”

Shakirov added that “we don’t see a lot of substantiated accusations from Russia about U.S. cyber activities. Many vague accusations or claims without much backing. So today’s story, if it’s indeed related to the United States, is quite remarkable.”

In March, the Russian government banned some government officials from using iPhones over “concerns that the devices are vulnerable to Western intelligence agencies,” Reuters reported at the time. But as of Thursday as many as 30% of Russian presidential administration employees used iPhones for personal work, Kremlin spokesperson Dmitry Peskov said, according to The Moscow Times.

The NSA declined to comment on Thursday for this story.

Updated June 1, 2023: This story was updated after publication to reflect that the National Security Agency declined a request for comment. The story has also been updated to include a response from Apple.
