FSB alleges massive Western phone-hacking operation targeted Kremlin officials and journalists

• Russia’s FSB accused Western intelligence of hacking thousands of Russian officials’ smartphones through undetectable spyware.
• The malware exploited zero-day vulnerabilities to access messages, calls, location, audio, and video without users’ knowledge.
• Kaspersky Lab first detected the operation in 2023 on employee Apple devices via a silent malicious message.
• AI is now used to analyze vast intercepted data faster than humans, making mass hacking cheaper than traditional espionage.
• The FSB opened a criminal investigation and warned Russian officials against discussing confidential info near any mobile device.

Your phone is in your pocket, but is it really yours? Russia’s Federal Security Service answered that question darkly on Tuesday, claiming that Western intelligence agencies had silently commandeered the smartphones of Russian diplomats, politicians, military officers and journalists — listening, watching and tracking, all without their targets ever knowing. The FSB called it “one of the largest operations involving the installation of malicious software on mobile devices” ever uncovered, and said artificial intelligence has now made this kind of mass surveillance cheaper and faster than old-fashioned spycraft.

The announcement, made this week in Moscow, describes a sprawling covert operation that the FSB says began unraveling in 2023. The agency says compromised devices gave foreign intelligence services access to private messages, phone calls, geolocation data and even ambient audio and video from the phones’ surroundings. Whether or not the claims are fully verifiable, the details are striking enough to demand attention.

How the hack worked

The trail began not with a spy agency, but with a cybersecurity firm. Experts at Kaspersky Lab, the Russian cybersecurity company that the United States banned in 2024, first noticed unusual network activity on employees’ Apple devices in 2023. A Kaspersky representative explained that targets had received an undetectable message through Apple’s standard messaging app, which then silently deployed spyware that gained “complete control” of the device.

The malware’s capabilities were extensive. Among other things, the software could “start an audio recording for the next three hours, and it didn’t matter whether the phone had no connection or internet access,” the Kaspersky representative said. “As soon as the phone regained connection, that audio recording would be sent to the attacker’s server.” Messages, contact lists, location data and video surveillance of the phone’s surroundings were also within reach.

The vulnerability exploited was what security professionals call a zero-day — a flaw in software that is unknown even to its own developers, leaving no patch available and no defense in place. The FSB did not publicly identify which countries it believes were responsible, nor did it disclose how many devices were affected.

AI changes the math on espionage

Perhaps the most consequential claim in the FSB’s statement is not about how the data was collected, but about what happens to it afterward. The sheer volume of intercepted communications gathered by Western spy agencies would have been impossible for humans to process just a few years ago, the agency said. Today, artificial intelligence is being used to analyze it within minutes.

That shift matters. “It appears that Western intelligence agencies assumed it would be easier and cheaper to mass hack cell phones than to recruit costly informants among holders of state secrets,” the FSB stated. An unidentified FSB officer, his face turned away from the camera in an accompanying video, put it more bluntly: “Western intelligence obviously thought it would be simpler and cheaper to hack mobile phones than recruit high-value informants among holders of state secrets.”

The officer also claimed that compromised Russian officials are “systematically” added to U.S. and EU sanctions lists after Western intelligence agents collect “compromising materials” to pressure them — an allegation with no independent verification.

A long history of surveillance

The United States has been building its cyber-espionage infrastructure for decades. The Patriot Act, passed in the weeks following the Sept. 11, 2001 attacks, gave American intelligence agencies sweeping authority to demand data from technology companies in the name of national security. That infrastructure has not always been confined to foreign adversaries: in 2013, the U.S. was caught monitoring the personal phone of then-German Chancellor Angela Merkel, a close ally.

The FSB’s latest accusations also extend to major technology platforms. A video released by state news agency TASS showed footage of the San Francisco and London offices of web infrastructure companies Fastly and Cloudflare. Russia blocked access to Cloudflare last year after the company ignored a 2023 demand from Russia’s communications regulator, Roskomnadzor, to register in a database requiring firms to hand user data to the FSB on request. Cloudflare was fined. Apple has previously denied Russian accusations that it cooperated with U.S. intelligence.

The FSB announced Tuesday that it has opened a criminal investigation into the unauthorized access of computer data and the distribution of malicious software. It issued a warning to Russian officials: “Discussing confidential information via these devices or in close proximity to them is strictly forbidden. The content of your conversations could become exposed to third parties and lead to irreversible consequences.”

The claims are unverified and come from a government with obvious motives to cast Western intelligence in the worst possible light. But stripped of the geopolitical noise, the underlying technical picture — AI-accelerated mass surveillance through invisible exploits on ubiquitous consumer devices — is a reality that no government, and no phone owner, can dismiss.

Sources for this article include:

RT.com

English.Pravda.ru

TheMoscowTimes.com