What to do about possible apple based hack - An iPhone 6, an iPhone 7, an iPhone X, an iPad AirLight, and a Macbook Air
These were under the same iCloud password, which has been changed since.
1. When it started, the owner was using his MacBook Air and all of a sudden he lost control and files started moving around and then deleting themselves as if he was being remotely accessed. When it was done, he went into his contacts and there was only one contact left. He restored his devices, and watched for other symptoms.
2. Messages keep going across the screen on the iPhone X, like foreign languages along with the words "delete a" and ",". When he tries to find these messages they are nowhere to be found.
3. Other messages being sent to the devices and then automatically deleting themselves. Some of these messages involved the people he thinks were involved.
... along with some general strange behavior that we're doing updates and cleanup with to make sure they're not related.
He has an idea who might have done it, they have been contacting him and they are a shady character. They haven't admitted anything. The owner's concerned he's still hacked, and he wants to find out who did it and clean up the situation. He is under a secure, hidden network in a remote location and isn't sure if his network has been compromised. We've updated all the devices to the most current iOS, and took off any shady programs. We ran malwarebytes on everything and didn't find anything. We've also checked all his settings and had him change all his passwords.
How do we:
1. Gather the evidence of who did this.
2. Lock out all his devices so that he is secure.
Thank you so much, the owner is really worried.