\u201cWe have never worked with any government to insert a backdoor into any Apple product and never will,\u201d Apple spokesperson Scott Radcliffe said in a statement.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n

Kaspersky researchers said they created offline backups of the targeted iPhones and inspected them with a tool developed by Amnesty International<\/a> called the Mobile Verification Toolkit<\/a>, or MVT, which allowed them to discover \u201ctraces of compromise.\u201d The researchers did not say when they discovered the attack, and said that they found traces of it going as far back as 2019, and that \u201cattack is ongoing, and the most recent version of the devices successfully targeted is iOS 15.7.\u201d<\/p>\n

While the malware was designed to clean up the infected devices and remove traces of itself, \u201cit is possible to reliably identify if the device was compromised,\u201d the researchers wrote.<\/p>\n

In the report, the researchers explained step by step how they analyzed the compromised devices, outlining how others can do the same. They did not, however, include many details of what they found using this process.<\/p>\n

The researchers said that the presence of \u201cdata usage lines mentioning the process named \u2018BackupAgent\u2019,\u201d was the most reliable sign that an iPhone was hacked, and that another one of the signs was that compromised iPhones could not install iOS updates.<\/p>\n

\u201cWe observed update attempts to end with an error message \u201cSoftware Update Failed. An error occurred downloading iOS,\u201d the researchers wrote.<\/p>\n

The company also published a series of URLs that were used in the operation, including some with names such as Unlimited Teacup and Backup Rabbit.<\/p>\n

The Russian Computer Emergency Response Team (CERT), a government organization that shares information on cyberattacks, published an advisory on the cyberattack, along with the same domains mentioned by Kaspersky.<\/p>\n

In a separate statement, Russia\u2019s Federal Security Service (FSB) accused U.S. intelligence \u2014 mentioning NSA specifically \u2014 of hacking \u201cthousands\u201d of Apple phones with the goal of spying on Russian diplomats, according to an online translation. The FSB also accused Apple of cooperating with American intelligence. The FSB did not provide evidence for its claims.<\/p>\n

The NSA did not immediately respond to a request for comment.<\/p>\n

The FSB\u2019s description of the attacks echoes what Kaspersky wrote in its report, but it\u2019s unclear if the two operations are connected.<\/p>\n

\u201cAlthough we don\u2019t have technical details on what has been reported by the FSB so far, the Russian National Coordination Centre for Computer Incidents (NCCCI) has already stated in their public alert that the indicators of compromise are the same,\u201d VanHorn said.<\/p>\n

Also, the company declined to attribute the operation to any government or hacking group, saying \u201cKaspersky does not do political attribution.\u201d<\/p>\n

\u201cWe don\u2019t have technical details on what has been reported by the FSB so far, hence we are unable to do any technical attribution either. Judging by the cyberattack characteristics we\u2019re unable to link this cyberespionage campaign to any existing threat actor,\u201d VanHorn wrote.<\/p>\n

The spokesperson also said that the company reached out to Apple on Thursday morning, \u201cbefore sending out the report to national CERTs.\u201d<\/p>\n

The company\u2019s founder, Eugene Kaspersky, wrote on Twitter that they \u201care quite confident that Kaspersky was not the main target of this cyberattack,\u201d while promising \u201cmore clarity and further details\u201d in the coming days.<\/p>\n

This is not the first time hackers have targeted Kaspersky. In 2015 the company announced that a nation-state hacking group, using malware believed to be developed by Israeli spies, had hacked its network<\/a>.<\/p>\n

Updated with additional details from Kaspersky and to include Apple\u2019s statement.<\/em><\/p>\n

Corrected the date in the second paragraph and the twentieth paragraph.\u00a0<\/i><\/p>\n