Russia accuses United States of hacking into iPhones

On June 1, 2023, the Russian government’s cybersecurity alert center published a report accusing to the United States of infecting a large number of iPhones in Russia. The report details the MO, which is said to exploit a flaw in iMessage, through a text message containing zero-click spyware. The latter is thus automatically installed, without the user having to open the text message.

The spyware then deletes the sent message and collects as much data as possible on the targeted terminal, without leaving a trace. According to the Russian government, the malware has already infected at least a thousand smartphones, including those of several diplomats. The MO resembles that of private spyware sold exclusively to States, like NSO Group’s Pegasus.

On the same day, the Russian cybersecurity firm Kaspersky announced the iPhones of a dozen of its staff, middle management as well as senior executives, had been hacked with spyware. Both attacks are probably linked to the same campaign; however Kaspersky has said it is not the “main target” of this cyberattack.

“The oldest traces of infection we discovered go back to 2019. At the time of writing, in June, 2023, the attack is ongoing and the most recent version of the successfully targeted devices is iOS 15.7,” stated Kaspersky.

The FSB accused Apple of having provided the NSA with backdoors to facilitate the hack. An Apple spokesperson vigorously denied these allegations, claiming the company “had not worked with any State to introduce backdoors in Apple products.”

Apple and US authorities have been at odds in the past, in particular when law enforcement requested access to locked iPhones. The company has always refused to collaborate, saying it has never designed backdoors to access its smartphones. Apple left Russia at the start of the invasion of Ukraine, in February 2022.