Kaspersky Lab has published a report on targeted attacks against devices running iOS. A corresponding message appeared on the FSB’s website.

what is known

“During the securing of the Russian telecommunications infrastructure, anomalies were detected resulting from the operation of previously unknown malware that exploits manufacturer-supplied software vulnerabilities that are unique to Apple mobile phone users,” the statement said. ”

Thus, the Rashists Apple has left a backdoor to allow its devices to be hacked, so it’s “cooperating closely” with US intelligence.. In total, “several thousand” infected smartphones were counted. At the same time, the victims were apparently found not only in Russia, but also among users of other countries – all using SIM cards registered in diplomatic missions and embassies in Russia, including the countries of the “NATO bloc and post-Soviet space. Israel, Syria and as well as China.”

The declared policy on ensuring the privacy of the personal data of users of Apple devices is not true. The company provides U.S. intelligence services with a wide range of capabilities to track both anyone with an interest in the White House, including its partners in anti-Russian activities, and its own citizens.
– says the report.

The FSB does not provide any technical details or details regarding the detected attacks. However, they can be found in Kaspersky’s report, which appeared later. The company called it “Operation Triangulation” and said the attack targeted employees from senior management to middle managers.

The company says the virus executes a series of commands to gather user and system information, as well as execute arbitrary code in the form of plug-ins sent from the management server. The program included in this has not been seen before. Lab experts determined that the infection occurred when the victim received a secret iMessage message with an attachment containing the zero-click exploit. That is, no user action is required to install the virus.

The installed spyware appears to be transmitting information from the victim’s device to remote servers undetected. Hackers are interested recordings from microphones, photos from messengers, data on geolocation and other actions of the owner of the hacked device.

The most interesting thing is that the virus is not installed on the system, it only works in RAM. However, even after restarting and clearing the RAM, the smartphone may become infected again.

The oldest timestamps of infections point to 2019.

What do they say at Apple?

Apple commented on accusations that its devices were intentionally infected: “Apple has not and will never work with any government to install a backdoor on any Apple device”– Quoting a statement from Reuters.