Moscow-based Kaspersky Lab said dozens of its employees’ devices were compromised in the operation.
The FSB, the main successor to the Soviet-era KGB, said in a statement that several thousand Apple Inc (AAPL.O) devices had been infected, including those of domestic Russian subscribers as well as foreign diplomats based in Russia and the former Soviet Union.
“The FSB has uncovered an intelligence action of the American special services using Apple mobile devices,” the FSB said in a statement.
The FSB said the plot showed “close cooperation” between Apple and the National Security Agency (NSA), the U.S. agency responsible for cryptographic and communications intelligence and security. The FSB provided no evidence that Apple cooperated with, or had any awareness of, the spying campaign.
In a statement, Apple denied the allegation. “We have never worked with any government to insert a backdoor into any Apple product and never will,” the firm said in a statement.
The NSA declined to comment.
Kaspersky CEO Eugene Kaspersky said on Twitter that dozens of his employees’ phones were compromised in the operation, which his company described as “an extremely complex, professionally targeted cyberattack” that had targeted workers in “top and middle-management.”
Kaspersky researcher Igor Kuznetsov told Reuters that his company had independently discovered anomalous traffic on its corporate Wi-Fi network around the start of the year. He said Kaspersky did not circulate its findings to Russia’s Computer Emergency Response Team until earlier on Thursday.
He said he could not comment on Moscow’s allegation that Americans were responsible for the hacking or that thousands of others had been targeted.
“It’s very hard to attribute anything to anyone,” he said.
In a blog post, Kaspersky said the oldest traces of infection it discovered dated back to 2019. “As of the time of writing in June 2023, the attack is ongoing,” the company said. It added that while its staff was hit, “we are quite confident that Kaspersky was not the main target of this cyberattack.”
The FSB said the American hackers had compromised diplomats from Israel, Syria, China and NATO members in the espionage campaign.
Israeli officials declined comment. Chinese, Syrian and NATO representatives were not immediately able for comment.
The United States is the world’s top cyber power in terms of intent and capability, according to Harvard University’s Belfer Center Cyber 2022 Power Index, followed by China, Russia, the United Kingdom and Australia.
Both the Kremlin and Russia’s foreign ministry pointed to the significance of the matter.
“The hidden data collection was carried out through software vulnerabilities in U.S.-made mobile phones,” Russia’s foreign ministry said in a statement.
“The U.S. intelligence services have been using IT corporations for decades in order to collect large-scale data of Internet users without their knowledge,” the ministry said.
Russian officials said the plot had been uncovered as part of a joint effort by FSB officers and those of the Federal Guards Service (FSO), a powerful agency that runs the Kremlin bodyguard and was also once the KGB’s Ninth Directorate.
Officials in Russia, which Western spies say has constructed a very sophisticated domestic surveillance structure, have long questioned the security of U.S. technology.
Earlier this year, the Kremlin told officials involved in preparations for Russia’s 2024 presidential election to stop using Apple iPhones because of concerns that the devices are vulnerable to Western intelligence agencies, the Kommersant newspaper reported.
Kremlin spokesman Dmitry Peskov said all officials in the presidential administration knew that gadgets such as iPhones were “absolutely transparent.”