Apple has issued security alerts to millions of iPhone users across 92 countries, stating that their devices are being targeted by mercenary spyware. The alerts suggest that the attack is likely targeting users based on their identity or activities.
Apple has been informing users of threats for years, targeting journalists and politicians in over 150 countries since 2021. Some users have found invasive Pegasus spyware on their iPhones, created by Israeli spyware maker NSO Group. However, the company hasn’t provided any official numbers in the current case.
Apple Requests Users to Take It Seriously!
As reported by The Economic Times, Apple has stated in the warning email that the attack is likely targeted due to specific characteristics or actions, urging users to take it seriously.
A targeted mercenary spyware attack could remotely access sensitive data, communications, or even the camera and microphone, according to Apple’s threat notification email.
Despite the Indian government’s opposition to security alerts by Apple, India is among the countries affected by this issue, and it’s unclear if US iPhone owners were targeted, as Apple hasn’t provided any further details.
Apple has sent multiple alerts to over 150 countries since 2021 and it previously sued Israeli firm NSO Group for aiding adversaries in targeting iPhone users. Moreover, Apple has been releasing iOS updates to address potential spyware attacks, often as emergency security measures, especially when an iPhone flaw is already being exploited.
If you have received this notification, remember that Apple has dedicated a page to offer guidance on changing passwords and enabling two-factor authentication to enhance security.
What are Mercenary Attacks?
Mercenary attacks are targeted spyware attacks, which are a unique type of cyberattacks that targets specific individuals based on their profession, social status, or access to sensitive information. They use sophisticated spyware, like Pegasus, to infiltrate devices and gather vast amounts of data.
These attacks, are expensive and require extensive resources to execute. Mercenary attacks are rare and complex cybercrimes, costing millions and targeting a small number of people worldwide, according to a company email.
Brian Higgins, security specialist at Comparitech commented on the issue. “There have been enough periodic Pegasus activations in recent years for those who are regularly targeted to hopefully have some kind of response or mitigation plans in place,“ he said.
“Most often journalists and activists in jurisdictions of risk are targeted as they are vulnerable to intervention, prosecution and attack by the regimes they challenge – and data harvested in these breaches can facilitate all of these activities,“ Brain warned.
“It’s rather a disappointing buck-passing exercise for Apple to direct them to a third party, non-profit Security Helpline, given the history of implications for individual targets in previous incidents. You’d think as proprietors of a vulnerable platform, they would offer to help out themselves.“