Security News > 2023 > June > Russia says US hacked thousands of iPhones in iOS zero-click attacks

Russian cybersecurity firm Kaspersky says some iPhones on its network were hacked using an iOS vulnerability that installed malware via iMessage zero-click exploits.
Kaspersky says the campaign started in 2019 and reports the attacks are still ongoing.
As it's impossible to analyze iOS from the device, Kaspersky used the Mobile Verification Toolkit to create filesystem backups of the infected iPhones to recover information about the attack process and the malware's function.
While the malware attempts to delete traces of the attack from devices, it still leaves signs of infection, like system file modifications that prevent the installation of iOS updates, abnormal data usage, and the injection of deprecated libraries.
In a statement coinciding with Kaspersky's report, Russia's FSB intelligence and security agency claims that Apple deliberately provided the NSA with a backdoor it can use to infect iPhones in the country with spyware.
The FSB alleges that it has discovered malware infections on thousands of Apple iPhones belonging to officials within the Russian government and staff from the embassies of Israel, China, and several NATO member nations in Russia.
News URL
Related news
- Phishing platform 'Lucid' behind wave of iOS, Android SMS attacks (source)
- iOS devices face twice the phishing attacks of Android (source)
- China names alleged US snoops over Asian Winter Games attacks (source)
- Apple fixes two zero-days exploited in targeted iPhone attacks (source)
- Apple Patches Two Actively Exploited iOS Flaws Used in Sophisticated Targeted Attacks (source)
- Apple plugs zero-day holes used in targeted iPhone attacks (CVE-2025-31200, CVE-2025-31201) (source)
- Ukrainian extradited to US for Nefilim ransomware attacks (source)
- Pro-Russia hacktivists bombard Dutch public orgs with DDoS attacks (source)
- US indicts Black Kingdom ransomware admin for Microsoft Exchange attacks (source)