MOSCOW — The phone sitting in a senior Russian official’s pocket had become a listening post. According to Russia’s Federal Security Service, it had been turned against its owner long before anyone noticed — and when the FSB finally did notice, what it found implicated not a rogue hacker but a coordinated, multi-state intelligence operation with the infrastructure of two prominent American technology companies running quietly in the background.
The FSB announced Tuesday that it had uncovered a foreign intelligence scheme targeting the smartphones of high-ranking Russian government employees, extracting communications, contact lists, location data, and — notably — granular readings of public sentiment within Russian society. The operation, the agency said, leveraged the legitimate content delivery and networking infrastructure of Fastly and Cloudflare, both US-based companies, to route the stolen data out of the country without detection.
“The collection of data on contacts, plans and sentiments in society was planned to be carried out directly without intermediaries like NGOs,” an FSB officer stated in a video the agency released alongside the announcement. The phrasing was pointed: traditional recruitment through civil society organizations was too expensive, too slow, and too visible. Hacking the phone was cheaper, and the phone never asks questions.
The FSB’s disclosure did not name a specific foreign country or intelligence service responsible, though its reference to “several states” coordinating the operation was unlikely to be interpreted as anything other than a Western attribution in Moscow’s framing. The announcement arrives at a moment of intensified scrutiny over how intelligence agencies exploit commercial technology infrastructure — a concern that is neither uniquely Russian nor uniquely directed at the United States.
What the FSB described goes beyond conventional smartphone hacking. The malicious software allegedly enabled covert access to message contents, acoustic monitoring of the device’s surroundings, video activation, and the harvesting of geolocation and contact metadata. None of this required the target to click a link or open an attachment. The infection, the agency said, was silent.
The sanctions dimension is where the operation takes on a second layer of consequence. The FSB said that individuals whose devices were compromised, and whose communications yielded usable compromising material, were subsequently added to Western sanctions lists. The implication was explicit: the data harvest was not merely intelligence gathering but the pipeline through which pressure was manufactured and applied. Surveillance, in this framing, was a precondition for economic and political coercion.
That allegation remains unverified and, for now, uncontested — no Western government or the named companies responded to the FSB’s claims by the time of publication. Fastly and Cloudflare each provide content delivery and DDoS-mitigation services used by thousands of organizations globally; their infrastructure is by design difficult to distinguish from ordinary internet traffic, which is precisely what makes it attractive to anyone seeking to obscure data exfiltration pathways. The FSB did not detail the specific technical mechanisms by which these networks were allegedly used, and its assertion of corporate complicity — a recurring feature of Russian cybersecurity disclosures — was not accompanied by technical evidence.
The announcement is the latest in a series of Russian intelligence disclosures that have highlighted the intersection of commercial technology and state espionage. In 2023, the FSB accused US intelligence of exploiting zero-day vulnerabilities in Apple’s iOS to compromise thousands of devices in Russia, including those belonging to foreign diplomats stationed in Moscow. That case, known as Operation Triangulation, was simultaneously disclosed by Kaspersky Lab, which found that some of its own senior employees had been targeted. Apple denied any backdoor arrangement with US intelligence.
Tuesday’s disclosure shares structural similarities with that 2023 case: malware that operates silently, data extracted through routes that exploit trusted infrastructure, and an attribution to US-aligned intelligence that is stated as fact but offered without technical corroboration in the public release. Whether the current case involves a distinct technical campaign or represents a continuation of previously identified activity is not yet clear. The FSB framed it as a new and escalating operation with “far-reaching consequences and serious risks.”
“It can already be stated that this is a multi-level operation with far-reaching consequences and serious risks, which involves the coordination of several states,” the FSB officer said.
The specific targeting of senior officials’ phones for social sentiment data, rather than operational secrets alone, marks a distinction worth examining. Intelligence services routinely seek policy positions, negotiating strategies, and military intentions. Mapping how senior officials privately perceive public opinion inside their own country is a different category of collection — one oriented less toward understanding what Russia’s government plans to do, and more toward understanding what its leadership believes about its own society’s stability. It is the kind of data that could inform both information operations and, as the FSB suggested, the calibration of sanctions pressure against individuals.
What the FSB cannot yet say, or has chosen not to say, is how long the operation ran before detection, how many officials were affected, or what specific data was successfully extracted before the malware was identified. Those are the questions that will determine whether Tuesday’s announcement is the conclusion of an investigation or an opening statement in a longer disclosure.
According to Sputnik International, the FSB characterized the scheme as more cost-efficient than traditional human intelligence recruitment, with foreign agencies calculating that hacking a phone eliminated the need for expensive informants who carry their own risks of exposure or defection.
—Inputs from Sputnik.
