Apple Warns Users of Mercenary Spyware Attacks and What it Means

Although we don’t hear about mercenary spyware like Pegasus and Predator nearly as often as we did a few years ago, that doesn’t mean those threats aren’t still out there. It’s just that most of us hopefully aren’t interesting enough to shadowy government agencies to become targets of these military-grade hacking tools.

However, it seems that mercenary spyware is still alive and well, as iPhone users around the globe discovered this week. According to TechCrunch, Apple sent out alerts to individual iPhone users in 92 different countries yesterday at noon Pacific time, notifying them that they were being targeted by a “mercenary spyware attack that is trying to remotely compromise [their] iPhone.”

Apple began sending out these notifications in late 2021, the day after it announced a massive lawsuit against NSO Group, the Israeli firm behind the notorious Pegasus industrial spyware.

The notifications were the second prong in Apple’s goal to put NSO Group and other makers of such weaponized spyware out of business. The lawsuit described NSO Group as “amoral 21st century mercenaries who have created highly sophisticated cyber-surveillance machinery that invites routine and flagrant abuse,” while the notifications were hoped to both expose the prevalence of the insidious spyware as well as protect iPhone users from its effects.

That second part of the goal bore fruit pretty quickly; within hours of the announcement, six Thai activists and researchers received alerts that they’d been targeted by “state-sponsored attackers.” Two weeks later, Apple notified at least nine US State Department employees working on matters related to Uganda that they’d also been targets of industrial-grade spyware.

According to an Apple Support Page, these attacks are often directed at journalists, activists, politicians, and diplomats, and they’re “ongoing and global.” Apple says that it sends threat notifications multiple times per year as it detects each new attack, and to date, it has notified users in over 150 countries in total.

This attack is likely targeting you specifically because of who you are or what you do. Although it’s never possible to achieve absolute certainty when detecting such attacks, Apple has high confidence in this warning — please take it seriously.Apple threat notification (via TechCrunch)

The latest round of threat notifications may be related to another warning that went out to several journalists and politicians in India in October. At that time, Amnesty International, which first brought to light how Pegasus was being used to target and spy on human rights defenders, reported that it had found evidence of Pegasus on the iPhones of prominent journalists in that country. People familiar with the matter told TechCrunch that users in India are among those who received threat notifications this week.

Apple doesn’t typically disclose too many details in its threat notifications, so it’s difficult to say what triggered them or even which spyware tool is behind them, “as that may help mercenary spyware attackers adapt their behavior to evade detection in the future,” the company says. However, it’s a politically delicate time in many of these countries; with upcoming elections, many state-sponsored attackers — both internal and external — are working to sway electoral outcomes to their liking.

The extreme cost, sophistication and worldwide nature of mercenary spyware attacks makes them some of the most advanced digital threats in existence today.Apple

The language used in the notifications has also changed recently. While Apple previously called these “state-sponsored attacks,” it now uses the more neutral “mercenary spyware attacks.” Nevertheless, the costs involved in acquiring and using tools such as Pegasus and the restrictions that NSO Group supposedly places on who it sells to means that Pegasus and other similar industrial-grade spyware are typically only employed by government agencies.

Ostensibly, Pegasus is supposed to be used for combating terrorism and organized crime, which is presumably why the Israeli firm behind it is allowed to exist. While it claims to take steps to ensure that its software isn’t misused, it’s a hard line to draw when dealing with governments that blur the lines between a “terrorist” and a human rights defender.

The only good news for most of us who aren’t involved in international activism is that we’re unlikely to ever become victims of these tools. As Apple says, “the vast majority of users will never be targeted by such attacks,” but that doesn’t stop the company from exercising diligence to ensure that its platform stays as secure as possible, and nearly every iOS update released in the past four years has been about hardening the operating system and closing the new loopholes that these tools keep finding and exploiting.