Apple Alerts iPhone Users in 92 Countries to Spyware Attacks

Apple has notified iPhone users in 92 countries around the world about a “mercenary spyware attack,” in which unknown actors are attempting to remotely compromise victims’ devices. To protect against such attacks, Apple recommends taking immediate action, including enabling Lockdown Mode on your device and updating your iPhone and other Apple products to the latest software version.

“Apple has detected that you are being targeted by a mercenary spyware attack attempting to remotely compromise the iPhone associated with your Apple ID,” the notification states. “This attack is likely targeting you because of who you are or what you do. While it is not possible to achieve absolute certainty when detecting such attacks, Apple has high confidence in this warning. Please take it seriously.”

Apple has not disclosed any information about the attribution of these cyberattacks or the specific countries where users received notifications. Typically, such attacks target journalists, activists, politicians, and diplomats due to their professional activities or sensitive information they may possess.

For example, last year Apple sent a similar warning to several journalists and politicians in India. Later, the non-profit human rights group Amnesty International reported finding Pegasus spyware on the iPhones of prominent Indian journalists.

“We cannot provide additional information about what led us to send you this notification, as doing so could help mercenary spies adapt their behavior to evade detection in the future,” Apple stated.

Recommended Protective Measures

• Enable Lockdown Mode on your device.
• Update your software to the latest versions.
• Seek qualified assistance, such as from the non-profit Digital Security Helpline, which offers free technical support and help to journalists, activists, and human rights defenders.

This week, Apple also updated its support page on protection against spyware attacks. The wording has changed from “state-sponsored attackers” to “mercenary spyware.” The company notes that such attacks are ongoing, international in scope, and often involve private companies developing spyware tools for government agencies. As a result, Apple does not link these attacks to specific perpetrators or geographic regions.

In its description of spyware attacks, Apple specifically highlights the Pegasus toolkit, created by NSO Group. Apple explains that these attacks are typically extremely well-funded, highly sophisticated, and aimed at a very narrow group of individuals.

Despite the complexity of these attacks, Apple assures users that it is doing everything possible to detect them, notify users, and help them take necessary precautions.

“Mercenary spyware attacks cost millions of dollars but often have a short ‘shelf life,’ making them difficult to detect and prevent,” the company writes. “Since 2021, we have sent threat notifications several times a year as such attacks are discovered, and to date, we have notified users in more than 150 countries worldwide.”