Employees of Russian cybersecurity company Kaspersky were hacked en masse with malware on their iPhones.

Russian cybersecurity company Kaspersky has hacked the iPhones of dozens of employees via unknown malware. The company announced this itself this week.

facts

The hack was carried out via a zero-click exploit (where receiving the infected message is sufficient to exploit a vulnerability) in an iMessage attachment. Everything happened between just under one and three minutes.

The exact time of the attack was not disclosed, but traces were found back in 2019. The last successfully attacked system was iOS 15.7.

Preliminary finds

Kaspesrky itself has already published a preliminary report on the attack, but it is currently incomplete. The perpetrators are currently unknown. The hack was discovered during a WiFi network scan earlier this year. Subsequently, suspicious activities on iOS phones were detected.

According to a spokesman, one of the exploited vulnerabilities was usually patched by Apple in December, but there’s a chance the attack was carried out earlier. Meanwhile, Kasspersky created offline backups of the infected phones using the Mobile Verification Toolkit (MTV) developed by Amnesty International.

Although the malware is designed to leave no trace and then “clean” phones, researchers are confident they can still identify infected phones.

In the report, the researchers explained step-by-step how they did it, but a lot of information about what they thought was right was not shared. Two clues that an iPhone was compromised were traces of a process called BackupAgent and the fact that updates could no longer be performed. Kaspersky also released a number of URLs used in the attack.

Russia vs America

In a separate statement, Russia’s FSB (successor to the notorious KGB) leveled allegations against the United States. According to the Federal Security Service, the NSA (the American equivalent of the FSB) has hacked thousands of iPhones to spy on Russian diplomats. In the same breath, Apple was also accused of aiding and abetting these actions. The NSA has not yet responded to this.

The attacks described by the FSB appear to be identical to those described in Kaspersky’s report. However, it is not clear if there is a link and the FSB has not provided any direct evidence to support its claims. Kaspersky’s spokesman has already indicated that the Russian Computer Incident Coordination Center has indicated that the attacks are similar. However, the company does not want to name names or countries and says it does not want to get involved in politics.

In our region, Kaspersky has a physical presence in Utrecht, The Netherlands. Last year, the company warned about a questionable app that pretends to be WhatsApp, but should be avoided.