Apple informed iPhone users in 92 countries on Wednesday (at 12pm Pacific Time) that they may be targeted by mercenary spyware attacks. The company did not reveal the identity of the attackers or the countries where the notifications were sent.
Apple wrote in the warning to affected customers: “Apple detected that you are being targeted by a mercenary spyware attack that is trying to remotely compromise the iPhone associated with your Apple ID -xxx-.”
Apple sent alerts to users multiple times a year and has notified users in over 150 countries since 2021, according to an updated Apple support page.
Apple sent an identical warning to a number of journalists and politicians in India in October last year. Later, non-profit advocacy group Amnesty International reported finding Israeli spyware maker NSO Group’s invasive malware Pegasus on the iPhones of prominent journalists in India (users in India are among those who have received Apple’s latest threat notifications, according to people familiar with the matter).
The spyware alerts come at a time when many nations are preparing for elections, and tech firms have cautioned about rising state-sponsored efforts to sway electoral outcomes. However, Apple’s alerts did not remark on their timing.
“We are unable to provide more information about what caused us to send you this notification, as that may help mercenary spyware attackers adapt their behavior to evade detection in the future,” the company told impacted customers.
Previously, Apple described the attackers as “state-sponsored” but replaced all such references with “mercenary spyware attacks.”
The warning to customers adds: “Mercenary spyware attacks, such as those using Pegasus from the NSO Group, are exceptionally rare and vastly more sophisticated than regular cybercriminal activity or consumer malware.”
Apple said it relies solely on “internal threat-intelligence information and investigations to detect such attacks.” “Although our investigations can never achieve absolute certainty, Apple threat notifications are high-confidence alerts that a user has been individually targeted by a mercenary spyware attack and should be taken very seriously,” it added.