Kaspersky reported a major iOS exploit to Apple in recent years. They discovered it and helped unravel the details of how it worked. I understand the US decision, but it seems unlikely that they’re bad actors through and through. I guess the Russian state could lean on them to do their bidding though and that potential is enough to consider them a threat.