Security News > 2023 > June > Russia says US hacked thousands of iPhones in iOS zero-click attacks
Russian cybersecurity firm Kaspersky says some iPhones on its network were hacked using an iOS vulnerability that installed malware via iMessage zero-click exploits.
Kaspersky says the campaign started in 2019 and reports the attacks are still ongoing.
As it's impossible to analyze iOS from the device, Kaspersky used the Mobile Verification Toolkit to create filesystem backups of the infected iPhones to recover information about the attack process and the malware's function.
While the malware attempts to delete traces of the attack from devices, it still leaves signs of infection, like system file modifications that prevent the installation of iOS updates, abnormal data usage, and the injection of deprecated libraries.
In a statement coinciding with Kaspersky's report, Russia's FSB intelligence and security agency claims that Apple deliberately provided the NSA with a backdoor it can use to infect iPhones in the country with spyware.
The FSB alleges that it has discovered malware infections on thousands of Apple iPhones belonging to officials within the Russian government and staff from the embassies of Israel, China, and several NATO member nations in Russia.
News URL
Related news
- US indicts 8Base ransomware operators for Phobos encryption attacks (source)
- Critical PostgreSQL bug tied to zero-day attack on US Treasury (source)
- US Cyber Command reportedly pauses cyberattacks on Russia (source)
- Feds name and charge alleged Silk Typhoon spies behind years of China-on-US attacks (source)
- Phishing platform 'Lucid' behind wave of iOS, Android SMS attacks (source)