Apple has just sent a new series of notifications to iPhone users who may have been the target of sophisticated spyware attacks. According to information provided by Apple, these cyberattacks do not amount to mass hacking and do not target the general public. They are described as highly targeted, complex, and costing millions of dollars. Other tech companies, such as Google and WhatsApp (Meta), have also periodically sent such notifications to their users in recent years.
Targeted and Costly Attacks
The actors behind these operations have considerable resources, as they are often private companies developing and selling these highly intrusive surveillance tools to governments or state agencies. Pegasus, developed by the Israeli firm NSO Group, is the best-known example of this type of "mercenary spyware," which doesn't choose its targets at random. The targets are typically individuals whose profile or activities make them attractive to state actors: journalists, human rights activists, political opponents, diplomats, and even lawyers. Their common thread is often their public role or access to sensitive information. Two people have come forward publicly to report receiving the notifications this week: Dutch activist Eva Vlaardingerbroek, described as a far-right political commentator, and Italian journalist Ciro Pellegrino, who works for the online media outlet Fanpage.
An unequivocal warning message
The message sent by Apple to potentially targeted users is direct and alarming: "ALERT: Apple has detected a targeted attack by mercenary spyware against your iPhone […] This attack is likely directed specifically at you because of who you are or what you do. While it is never possible to achieve absolute certainty when detecting such attacks, Apple has high confidence in this warning; please take it seriously." These important notifications are delivered through multiple channels to maximize the chances of them being seen: via email and iMessage linked to the user's Apple ID, as well as via a threat notification displayed when logging into the account.apple.com website.
Recipients shared their reactions: Ciro Pellegrino expressed his disbelief ("Did this really happen? Yes, this is not a joke") in an article he wrote himself, while Eva Vlaardingerbroek interpreted the alert as an "attempt to intimidate her, an attempt to silence her, obviously."
What to do if Apple notifies you?
It's important to remember that cyberattacks using mercenary spyware are extremely targeted and do not constitute mass hacking, nor do they target the general public. Therefore, there is a relatively low chance that you will receive this message (contrary to what some press reports suggest), but if you receive such an alert from Apple, it should be taken seriously.
Recipients of these alerts are encouraged to consider them with the utmost seriousness, and Apple recommends seeking expert assistance. The company also specifies that it is possible to activate Isolation mode on Apple devices even if a user has not received a threat notification but has good reason to believe that they are the target of an attack via mercenary spyware. This very specific mode disrupts the user experience and the behavior of certain features of the device.
It will notably block certain types of attachments, limit connections or even disable certain web technologies in order to drastically reduce the "attack surface" exploitable by the most sophisticated spyware.
A persistent threat
This isn't the first time Apple has taken such an initiative. Similar waves of alerts have been sent in the past, notably in 2021 and more recently in July 2024. Since 2021, the Cupertino company claims to have notified potentially targeted users in more than 150 countries. However, it's not yet clear which specific spyware campaign Apple's current notifications relate to. The company doesn't go into detail, simply stating that it relies on internal information and investigations to detect such attacks. Furthermore, Apple generally doesn't disclose precise information about what triggers these notifications. This discretion is explained by a desire not to provide clues to malicious actors.
Like Apple, WhatsApp is also the target of sophisticated spyware
It is worth noting that Ciro Pellegrino is the second Italian journalist this year to have been notified of such targeting. Last February, his colleague at Fanpage, Francesco Cancellato, was informed by WhatsApp that the company had "disrupted the activities of a spyware company that, according to [them], had attacked [his] device." In that case, according to WhatsApp, the spyware came from Paragon Solutions, an Israeli company. Citizen Lab, an organization specializing in spyware investigations, confirmed that it is investigating these attacks targeting WhatsApp users.
After Francesco Cancellato came forward, two other Italians, working for Mediterranea Saving Humans (an NGO helping to rescue immigrants), also reported being targeted by Paragon. Paragon reportedly severed ties with its Italian government client following these revelations, TechCrunch reports. Finally, Mashable reported earlier this month on another type of WhatsApp and Signal scam targeting human rights groups and Ukraine supporters, though this appears separate from the mercenary spyware attacks.