Apple has issued threat notifications to users in over 150 countries, warning that they may have been targeted by sophisticated mercenary spyware attacks. This type of cyberattack, often deployed by state actors or private companies on their behalf, is vastly more complex and expensive than regular cyber criminal activity.
Mercenary spyware is incredibly sophisticated hacking tools, designed to infiltrate a user’s device and steal their data. This can include private messages, emails, and even phone calls, One of Mercenary spyware examples of is Pegasus, created by the Israeli cyber-arms firm NSO Group, which was used to remotely hack into victims devices by exploiting unknown security vulnerabilities on the target devices.
These companies operate in a legal gray area, claiming their spyware and hacking tools are meant to target outlaws, criminals and terrorists. However, investigations by cybersecurity researchers such as Citizen Labs have revealed these tools are routinely used to spy on journalists, activists, politicians, government officials and diplomats.
According to Apple’s “threat notifications” advisory, when Apple detects activity consistent with a mercenary spyware attack, it notifies the targeted users via a threat notification on their Apple ID page and sends an email/iMessage alert. The notifications provide steps users can take to protect their devices, including enabling Lockdown Mode.
“Apple threat notifications are high-confidence alerts that a user has been individually targeted by a mercenary spyware attack, and should be taken very seriously,” the advisory states. However, Apple cannot disclose what triggers these alerts, as that could help attackers evade detection.
If you receive an Apple threat notification, Apple provides resources to help, but reaching out to a cybersecurity expert is highly recommended.