Russia’s FSB Says Foreign Spies Infected Officials’ Phones With Malware

Russia’s FSB claims foreign intelligence planted malware on senior officials’ phones to intercept calls and activate cameras. No technical evidence, no country named.
On June 2, 2026, Russia’s Federal Security Service (FSB) published a statement claiming it had uncovered and documented a large-scale foreign intelligence operation targeting the mobile devices of senior Russian officials. The FSB said malware had been planted on those devices for cyberespionage purposes. The malicious code allows attackers to steal data, intercept calls, and secretly activate microphones and cameras. The FSB opened a criminal investigation but did not attribute the campaign.
“The Federal Security Service of the Russian Federation has uncovered and documented a large-scale operation by foreign intelligence services to implant and use malicious software on the mobile communication devices of senior Russian officials, used to extract existing data, intercept ongoing conversations, and conduct covert acoustic and video monitoring of the environment near electronic devices, aimed at obtaining sensitive information,” reads the announcement.
That’s the entirety of the technical detail the FSB provided. No malware name, no indicators of compromise, no forensic artifacts, nothing that would allow independent researchers to verify or scrutinize the claim.
The statement also noted that the operation exploited the technical capabilities of “major international IT corporations” through mobile devices, which is vague enough to mean almost anything.
“Using the technical capabilities of major international IT corporations, representatives of foreign intelligence services covertly and without authorization extracted various types of information from the devices of cyberattack targets,” continues the report.
The phrase “major international IT corporations” could be a reference to device manufacturers, platform operators, or app developers. The FSB doesn’t say, and the distinction matters.
The FSB’s investigative unit has opened a criminal case under two articles of the Russian Criminal Code: Article 272, covering unauthorized access to computer information, and Article 273, covering the creation, use, and distribution of malicious software. The investigation is ongoing. No arrests have been announced, no suspects named, no foreign government identified.
This is not the first time Russia has made this kind of accusation without technical follow-through. In 2023, the FSB claimed the US National Security Agency had compromised thousands of iPhones in a mass surveillance operation. That claim coincided with Kaspersky’s disclosure of Operation Triangulation, a real and technically documented iPhone espionage campaign. The FSB’s attribution to the NSA, however, was never independently confirmed, and Apple denied any cooperation with any government. The pattern is consistent: a plausible premise, a credible threat category, and a political accusation without the forensic evidence that security researchers would need to take it seriously.
The FSB closed its statement with a warning that reads more like a security awareness flyer than an intelligence disclosure.
“The FSB of Russia warns that the intelligence services of foreign states use modern information technologies in their destructive activities, including mobile communication devices,” states the Russian intelligence agency. “Discussing confidential information on them or near them is inadmissible, as the content of your conversations may become known to third parties and lead to irreversible consequences.”
Irreversible consequences. The kind of phrase that ends conversations rather than starting them.
The irony is that the underlying threat is entirely real. State-backed mobile surveillance operations are a well-documented feature of modern intelligence work, and senior government officials’ phones have been legitimate targets for decades. Russia’s own offensive cyber operations are equally well documented. The FBI warned last year that hackers linked to the FSB’s Center 16 were actively exploiting an old Cisco vulnerability to harvest configuration files from critical infrastructure networks across multiple countries. A spy agency accusing other spy agencies of spying is not exactly a headline that generates outrage on its own.
What would make this claim credible is the same thing that made Operation Triangulation credible: technical evidence. Malware samples, network indicators, command-and-control infrastructure, device telemetry.
The FSB has had time, at least since the alleged operation, to collect and preserve that material. Publishing a statement without any of it isn’t a disclosure. It’s an accusation.
Pierluigi Paganini
(SecurityAffairs – hacking, Russia)

