Apple Denies Helping US Government Hack Russian iPhones

Apple has denied working with any government to add backdoors to its products after Russia accused the company of helping the NSA hack iPhones.

Apple has denied working with any government to add backdoors to its products after Russia accused the company of helping US intelligence agencies hack iPhones.

In a statement provided to SecurityWeek, an Apple spokesperson said, “We have never worked with any government to insert a backdoor into any Apple product and never will.”

The statement comes in response to the Russian security service FSB claiming that Apple has assisted US intelligence agencies, specifically the NSA, with a spying campaign targeting thousands of iOS devices belonging to local users and foreign diplomatic missions in NATO countries, China and Israel. 

The accusations are not surprising in the context of the United States’ involvement in the war between Russia and Ukraine. In fact, according to reports, Russian officials were told recently to ditch their iPhones due to data security concerns. 

The FSB’s latest accusations came just as Russian cybersecurity firm Kaspersky revealed that iPhones on its corporate network were targeted recently by an APT actor as part of a campaign it calls Operation Triangulation. 

The company’s investigation is ongoing, but the data analyzed so far shows that the attack starts with an attachment containing an exploit being sent to the targeted user via iMessage. 

The exploit is triggered without any user interaction. Code execution and privilege escalation vulnerabilities are exploited to download a sophisticated piece of malware that runs with root privileges. The malware can collect system and user information and run arbitrary code on the compromised system.

Kaspersky’s CEO, Eugene Kaspersky, revealed in a blog post that several dozen iPhones belonging to senior employees were infected with the spyware, which can collect recordings via the device’s microphone, photos from messaging apps, geolocation, and other data. He noted that the malware prevents devices from receiving iOS updates and that the company has not found an effective way to remove the threat without losing user data.

It’s unclear if the attack involves the exploitation of zero-day vulnerabilities. Kaspersky has identified attacks dating as far back as 2019 and the newest iOS version confirmed to be targeted is iOS 15.7. 

Apple has highlighted this part of Kaspersky’s report, which suggests that the attacks do not involve the exploitation of zero-day vulnerabilities. iOS 15.7 was released in September 2022, and the latest version of the mobile operating system is 16.5. 

Kaspersky has not attributed the attack to any known or unknown threat group. This, however, would not be the first time the company has described the activities of a hacker group believed to be linked to the United States. 

Kaspersky is also known to publish reports detailing the activities of APTs tied to Russia. It has reportedly also helped the NSA uncover one of its worst-ever security breaches, but on the other hand it has also faced accusations of knowingly or unknowingly helping Russian hackers obtain NSA data.  

Nearly a decade ago, the company was targeted with the advanced Duqu 2.0 malware, which is believed to have been developed by Israeli intelligence.

Apple has shown willingness to work with US authorities on law enforcement matters, but it has taken a hard line when asked to implement encryption backdoors that would make it easier to conduct such investigations.

In fact, the company has been strengthening and expanding encryption. In addition, it has dropped plans to implement features that could be abused for government surveillance. 

*Updated to add information from Eugene Kaspersky’s blog post.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
