Apple Alerts Journalists and Activists to Mercenary Spyware Attacks
Credit: usfaridas / Shutterstock
Toggle Dark Mode
Apple is once again sending out threat notifications to users who may be targets of government-sponsored spyware attacks, according to a report from TechCrunch. The publication reports that an Italian journalist and a Dutch activist have confirmed that they received threat notifications from Apple via iMessage and email.
The notifications read as follows:
Apple detected that you are being targeted by a mercenary spyware attack that is trying to remotely compromise the iPhone associated with your Apple Account. This attack is likely targeting you specifically because of who you are or what you do. Although it’s never possible to achieve absolute certainty when detecting such attacks, Apple has high confidence in this warning – please take it seriously.
The message from Apple added that the notification was being sent to targeted users in 100 countries and advised users who have received the alert to enable Lockdown Mode while also making sure to update their iPhones to iOS 18.4.1. Apple also warned users to not open links or attachments from unexpected or unknown senders.
We are unable to provide more information about what caused us to send you this notification, as that may help mercenary spyware attacker adapt their behavior to evade detection in the future. Apple threat notifications like this one will never ask you to click any links, install an app or profile, or provide your Apple Account password or verification code by email or over the phone.
Phone calls and plain text messages will continue to work after Lockdown Mode is enabled. Also, emergency features, such as SOS emergency calls, are not affected by Lockdown Mode.
In addition to sending the alerts to targeted individuals, Apple also displays a Threat Notification at the top of the page after the user signs into their Apple Account at account.apple.com.
This is not the first time Apple has sent out warnings to targets of these types of attacks. The company began doing so in 2021, shortly after it announced a massive lawsuit against NSO Group, the developer behind the infamous Pegasus spyware. While Apple initially called these “state-sponsored attacks,” as tools like Pegasus are typically only available to government agencies, it shifted that language last year to “mercenary spyware attacks” after the Indian government reportedly expressed concerns about Apple “linking such breaches to state actors,” according to Reuters.
“Since 2021, we have sent Apple threat notifications multiple times a year as we have detected these attacks, and to date we have notified users in over 150 countries in total,” Apple says in its support article that explains how these threat notifications work.
Apple urges all users to protect themselves from malware, spyware, and other cybercriminal attacks by doing the following:
- Update devices to the latest software, as that includes the latest security fixes
- Protect devices with a passcode
- Use two-factor authentication and a strong password for your Apple Account
- Install apps from the App Store
- Use strong and unique passwords online
- Don’t click on links or attachments from unknown senders
Mercenary spyware attacks like the one Apple has warned about are well-funded, usually by governments. The attacks evolve, becoming more sophisticated over time, and Apple relies on investigations and threat-intelligence information to learn about such attacks. Apple refuses to provide information about what exactly causes it to issue threat warnings, as the company fears that the information could allow mercenary spyware attackers to modify their attacks to better avoid detection in the future.
